| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Jan 2010 11:53:49 +0900 From: Tejun Heo <tj@...nel.org> To: Maxim Levitsky <maximlevitsky@...il.com> CC: linux-kernel <linux-kernel@...r.kernel.org>, Jens Axboe <jens.axboe@...cle.com> Subject: Re: [block subsystem] Need help to prevent races on unexpected device removal (cc'ing Jens) Hello, Sorry about the late reply. I tagged this while I was watching block related mails a couple of weeks ago but forgot about this. On 01/04/2010 04:13 AM, Maxim Levitsky wrote: > During development of hotplug support for mtd translation layer I seems > to be unable to figure a way to prevent following race: > > First of all, a block device is registered. I attach a private structure > to that device to save all internal information. I suppose you're talking about struct gendisk and using gendisk->private_data for the private data, right? > Then out of the blue (when user pulls off the card) I receive a request > to remove the device. > > In the function that handles such removal, I do: > > del_gendisk(... > blk_start_queue > > stop thread that processes the requests > > blk_cleanup_queue(old->rq); > > > The problem is that I don't know where/when to free the private > structure. > > I though about adding a field to the structure, with name 'invalid', so > that release will not attempt to go futher, but free the structure, but > what happens if release is never called? > In other words this will work as long as there is a user of the block > device. > > I thought then that I can detect that condition and free the structure > in the removal function itself, but then I get a race with ->open > running in same time, and mutex will not prevent it, I will have to > release it somwhen, and then ->open will access a freed structure.... On hotunplug, the driver should mark the device dead so that all further operations coming from existing open fail and then put the base reference. On the final put which may happen either as part of device destruction or release, the private data structure can be destroyed while holding a mutex. Open can be protected by grabbing the mutex before dereferencing the private_data. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists