On Thu, Nov 26, 2020 at 05:33:41PM +0100, Jan Kara wrote:
> > bdev->bd_contains = whole;
> > - bdev->bd_part = disk_get_part(disk, partno);
> > - if (!(disk->flags & GENHD_FL_UP) ||
> > - !bdev->bd_part || !bdev->bd_part->nr_sects) {
> > + bdev->bd_part = disk_get_part(disk, bdev->bd_partno);
> > + if (!bdev->bd_part || !bdev->bd_part->nr_sects) {
>
> AFAICT it is still possible that we see !(disk->flags & GENHD_FL_UP) here,
> isn't it? Is it safe to remove because the nr_sects check is already
> equivalent to it? Or something else?
At this point we already have the disk abd bdev reference, so we're not
closing any new race here. That being said we might as well keep this
check to not bother going ahead when the disk is already torn down.
> I think bdget() above needs to be already under bdev_lookup_sem. Otherwise
> disk_to_dev(bdev->bd_disk)->kobj below is a potential use-after-free.
Yes. I've fixed this and the other issues.
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
