[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190516114817.GD13274@quack2.suse.cz>
Date: Thu, 16 May 2019 13:48:17 +0200
From: Jan Kara <jack@...e.cz>
To: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc: Jan Kara <jack@...e.cz>, Jens Axboe <axboe@...nel.dk>,
Alexander Viro <viro@...iv.linux.org.uk>,
syzbot <syzbot+10007d66ca02b08f0e60@...kaller.appspotmail.com>,
dvyukov@...gle.com, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
linux-block@...r.kernel.org
Subject: Re: INFO: task hung in __get_super
On Wed 15-05-19 15:07:30, Jan Kara wrote:
> On Wed 15-05-19 20:32:27, Tetsuo Handa wrote:
> > On 2019/05/15 19:21, Jan Kara wrote:
> > > The question is how to fix this problem. The simplest fix I can see is that
> > > we'd just refuse to do LOOP_SET_FD if someone has the block device
> > > exclusively open as there are high chances such user will be unpleasantly
> > > surprised by the device changing under him. OTOH this has some potential
> > > for userspace visible regressions. But I guess it's worth a try. Something
> > > like attached patch?
> >
> > (1) If I understand correctly, FMODE_EXCL is set at blkdev_open() only if
> > O_EXCL is specified.
>
> Yes.
>
> > How can we detect if O_EXCL was not used, for the reproducer (
> > https://syzkaller.appspot.com/text?tag=ReproC&x=135385a8a00000 ) is not
> > using O_EXCL ?
>
> mount_bdev() is using O_EXCL and that's what matters.
>
> > (2) There seems to be no serialization. What guarantees that mount_bdev()
> > does not start due to preempted after the check added by this patch?
>
> That's a good question. lo_ctl_mutex actually synchronizes most of this
> (taken in both loop_set_fd() and lo_open()) but you're right that there's
> still a small race window where loop_set_fd() need not see bdev->bd_holders
> elevated while blkdev_get() will succeed. So I need to think a bit more
> about proper synchronization of this.
OK, so non-racy fix was a bit more involved and I've ended up just
upgrading the file reference to an exclusive one in loop_set_fd() instead
of trying to hand-craft some locking solution. The result is attached and
it passes blktests.
Let syzbot also test it:
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.1
Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
View attachment "0001-loop-Don-t-change-loop-device-under-exclusive-opener.patch" of type "text/x-patch" (2346 bytes)
Powered by blists - more mailing lists