On Thu 26-11-20 14:04:15, Christoph Hellwig wrote:
> struct hd_struct *disk_get_part(struct gendisk *disk, int partno)
> {
> - struct hd_struct *part;
> + struct block_device *part;
>
> rcu_read_lock();
> part = __disk_get_part(disk, partno);
> - if (part)
> - get_device(part_to_dev(part));
> - rcu_read_unlock();
> + if (!part) {
> + rcu_read_unlock();
> + return NULL;
> + }
>
> - return part;
> + get_device(part_to_dev(part->bd_part));
> + rcu_read_unlock();
> + return part->bd_part;
> }
This is not directly related to this particular patch but I'm wondering:
What prevents say del_gendisk() from racing with disk_get_part(), so that
delete_partition() is called just after we fetched 'part' pointer and the
last 'part' kobject ref is dropped before disk_get_part() calls
get_device()? I don't see anything preventing that and so we'd hand out
'part' that is soon to be freed (after RCU grace period expires).
Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
