Commit f6920411 authored by Yu Kuai's avatar Yu Kuai
Browse files

brd: fix AA deadlock for concurrent brd_probe() 

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBIWBN


CVE: NA

----------------------------------------

For concurrent brd_probe(), the first one will create brd disk and set
partition number to 0, however, the second one will found the brd disk
and keep the partition number as disk fist minor. This will case AA
deadlock for the caller because bdev is part0 while bdev->bd_partno is
not zero.

Fix the problem by always return NULL in brd_probe, hence brd_probe()
will be covered by exact_match() from __device_add_disk().

Fixes: 937af5ec ("brd: Fix all partitions BUGs")
Signed-off-by: default avatarYu Kuai <yukuai3@huawei.com>
parent cc7cb040

drivers/block/brd.c

+5 −18
Original line number Diff line number Diff line
@@ -418,15 +418,13 @@ static void brd_free(struct brd_device *brd) 
	kfree(brd);

}



static struct brd_device *brd_init_one(int i, bool *new)

static void brd_init_one(int i)

{

	struct brd_device *brd;



	*new = false;

	list_for_each_entry(brd, &brd_devices, brd_list) {

	list_for_each_entry(brd, &brd_devices, brd_list)

		if (brd->brd_number == i)

			goto out;

	}

			return;



	brd = brd_alloc(i);

	if (brd) {
@@ -434,9 +432,6 @@ static struct brd_device *brd_init_one(int i, bool *new) 
		add_disk(brd->brd_disk);

		list_add_tail(&brd->brd_list, &brd_devices);

	}

	*new = true;

out:

	return brd;

}



static void brd_del_one(struct brd_device *brd)
@@ -448,19 +443,11 @@ static void brd_del_one(struct brd_device *brd) 


static struct kobject *brd_probe(dev_t dev, int *part, void *data)

{

	struct brd_device *brd;

	struct kobject *kobj;

	bool new;



	mutex_lock(&brd_devices_mutex);

	brd = brd_init_one(MINOR(dev) / max_part, &new);

	kobj = brd ? get_disk_and_module(brd->brd_disk) : NULL;

	brd_init_one(MINOR(dev) / max_part);

	mutex_unlock(&brd_devices_mutex);



	if (new)

		*part = 0;



	return kobj;

	return NULL;

}



static inline void brd_check_and_reset_par(void)