Commit 75b7f62a authored Aug 25, 2021 by Tetsuo Handa Committed by Jens Axboe Aug 25, 2021

nbd: prevent IDR lookups from finding partially initialized devices



Previously nbd_index_mutex was held during whole add/remove/lookup
operations in order to guarantee that partially initialized devices are
not reachable via idr_find() or idr_for_each(). But now that partially
initialized devices become reachable as soon as idr_alloc() succeeds,
we need to skip partially initialized devices. Since it seems that
all functions use refcount_inc_not_zero(&nbd->refs) in order to skip
destroying devices, update nbd->refs from zero to non-zero as the last
step of device initialization in order to also skip partially initialized
devices.

Fixes: 6e4df4c6 ("nbd: reduce the nbd_index_mutex scope")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[hch: split from a larger patch, added comments]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210825163108.50713-4-hch@lst.de


Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent 409e0ff1

drivers/block/nbd.c

+10 −1

Original line number	Diff line number	Diff line
		@@ -1747,7 +1747,11 @@ static struct nbd_device *nbd_dev_add(int index, unsigned int refs)

		mutex_init(&nbd->config_lock);
		refcount_set(&nbd->config_refs, 0);
		refcount_set(&nbd->refs, refs);
		/*
		* Start out with a zero references to keep other threads from using
		* this device until it is fully initialized.
		*/
		refcount_set(&nbd->refs, 0);
		INIT_LIST_HEAD(&nbd->list);
		disk->major = NBD_MAJOR;

		@@ -1766,6 +1770,11 @@ static struct nbd_device *nbd_dev_add(int index, unsigned int refs)
		disk->private_data = nbd;
		sprintf(disk->disk_name, "nbd%d", index);
		add_disk(disk);

		/*
		* Now publish the device.
		*/
		refcount_set(&nbd->refs, refs);
		nbd_total_devices++;
		return nbd;