On Sun, Sep 29, 2019 at 4:05 PM Hou Tao <houtao1@xxxxxxxxxx> wrote:
>
> There may be list corruption if there are concurrent list traversal
> and list deletion on tr->devs as showed in the following case:
>
> CPU 0 CPU 1
>
> open /dev/mtdblock1
>
> // remove mtd1
> blktrans_notify_remove()
> del_mtd_blktrans_dev()
>
> close /dev/mtdblock1
> blktrans_release
> blktrans_dev_put
> acquire blktrans_ref_mutex // remove mtd0
> // the final release acquire mtd_table_mutex
> blktrans_dev_release() blktrans_notify_remove()
> // remove mtdblock1 // next is mtdblock1
> list_del(&dev->list) list_for_each_entry_safe()
>
> We could fix the problem by acquiring blktrans_ref_mutex during
> the traversal of tr->devs, but blktrans_ref_mutex needs to be released
> before invoking tr->remote_dev(), so we also need to increase the kref
> of current device else the device may be freed and decrease the kref
> after the removal.
>
> Or we could move the list deletion to del_mtd_blktrans_dev(), and protect
> the operations on tr->devs by mtd_table_mutex which has already be taken.
>
> The latter fix is simpler. We also can remove the unnecessary acquisitions
> of blktrans_ref_mutex in add_mtd_blktrans_dev() because operations on
> tr->devs have already been protected by mtd_table_mutex.
>
> Fixes: 048d87199566 ("mtd: blktrans: Hotplug fixes")
> Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx>
> ---
> I found the problem by code review, and could not find a way to
> ensure the problem, because the removal of mtd devices almost
> comes from the removal of modules, and the open of /dev/mtdblockX
> will prevent the module from removing.
I'm confused. Can the problem only happen if you remove a mtd while
it is open?
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
Re: [PATCH] mtd: blkdevs: protect tr->devs list by mtd_table_mutex
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH] mtd: blkdevs: protect tr->devs list by mtd_table_mutex
- From: Richard Weinberger <richard.weinberger@xxxxxxxxx>
- Date: Tue, 15 Oct 2019 22:10:13 +0200
- Cc: Maxim Levitsky <maximlevitsky@xxxxxxxxx>, Richard Weinberger <richard@xxxxxx>, Marek Vasut <marek.vasut@xxxxxxxxx>, linux-mtd@xxxxxxxxxxxxxxxxxxx, Miquel Raynal <miquel.raynal@xxxxxxxxxxx>, Brian Norris <computersforpeace@xxxxxxxxx>, David Woodhouse <dwmw2@xxxxxxxxxxxxx>, Vignesh Raghavendra <vigneshr@xxxxxx>
- In-reply-to: <20190929141157.115845-1-houtao1@huawei.com>
- References: <20190929141157.115845-1-houtao1@huawei.com>
- Follow-Ups:
- References:
- Prev by Date: Re: [PATCH] mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
- Next by Date: Re: mtdswap + ubi results in deadlock
- Previous by thread: Re: [PATCH] mtd: blkdevs: protect tr->devs list by mtd_table_mutex
- Next by thread: Re: [PATCH] mtd: blkdevs: protect tr->devs list by mtd_table_mutex
- Index(es):
 |