| Message ID | CWXP265MB2680EBAF4FEE64FBE80FAF25C4019@CWXP265MB2680.GBRP265.PROD.OUTLOOK.COM (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | block: prevent sending events from removed device | expand |
On Wed, Jun 30, 2021 at 08:09:39AM +0000, Christian L?hle wrote: > Skip kobject_uevent_env in case the associated kobject > no longer exists, as calling kobject_uevent_env with > NULL is not safe. > I don't see how this is going to work. If the device is being deleted the reference count will be zero and refcount_inc as called from kobject_get will WARN. We'll need to check the disk is marked up, and we need to do that under a lock. Something like this completely untested patch: diff --git a/block/disk-events.c b/block/disk-events.c index a75931ff5da4..27b845c51f2a 100644 --- a/block/disk-events.c +++ b/block/disk-events.c @@ -190,6 +190,9 @@ static void disk_check_events(struct disk_events *ev, spin_unlock_irq(&ev->lock); + if (!(disk->flags & GENHD_FL_UP)) + return; + /* * Tell userland about new events. Only the events listed in * @disk->events are reported, and only if DISK_EVENT_FLAG_UEVENT @@ -268,6 +271,8 @@ bool bdev_check_media_change(struct block_device *bdev) { unsigned int events; + lockdep_assert_held(&bdev->bd_disk->open_mutex); + events = disk_clear_events(bdev->bd_disk, DISK_EVENT_MEDIA_CHANGE | DISK_EVENT_EJECT_REQUEST); if (!(events & DISK_EVENT_MEDIA_CHANGE)) @@ -290,7 +295,10 @@ static void disk_events_workfn(struct work_struct *work) struct delayed_work *dwork = to_delayed_work(work); struct disk_events *ev = container_of(dwork, struct disk_events, dwork); - disk_check_events(ev, &ev->clearing); + mutex_lock(&ev->disk->open_mutex); + if (ev->disk->flags & GENHD_FL_UP) + disk_check_events(ev, &ev->clearing); + mutex_unlock(&ev->disk->open_mutex); } /* diff --git a/drivers/block/ataflop.c b/drivers/block/ataflop.c index a093644ac39f..b8e77da44235 100644 --- a/drivers/block/ataflop.c +++ b/drivers/block/ataflop.c @@ -1735,8 +1735,10 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, /* invalidate the buffer track to force a reread */ BufferDrive = -1; set_bit(drive, &fake_change); + mutex_lock(&bdev->bd_disk->open_mutex); if (bdev_check_media_change(bdev)) floppy_revalidate(bdev->bd_disk); + mutex_unlock(&bdev->bd_disk->open_mutex); return 0; default: return -EINVAL; diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c index 87460e0e5c72..2a97f22cfa0b 100644 --- a/drivers/block/floppy.c +++ b/drivers/block/floppy.c @@ -3185,8 +3185,10 @@ static int invalidate_drive(struct block_device *bdev) /* invalidate the buffer track to force a reread */ set_bit((long)bdev->bd_disk->private_data, &fake_change); process_fd_request(); + mutex_lock(&bdev->bd_disk->open_mutex); if (bdev_check_media_change(bdev)) floppy_revalidate(bdev->bd_disk); + mutex_unlock(&bdev->bd_disk->open_mutex); return 0; }
Alright Thanks, I will try out your suggestion and report back. Regards, Christian >I don't see how this is going to work. If the device is being >deleted the reference count will be zero and refcount_inc as >called from kobject_get will WARN. We'll need to check the >disk is marked up, and we need to do that under a lock. > >Something like this completely untested patch: diff --git a/block/disk-events.c b/block/disk-events.c index a75931ff5da4..27b845c51f2a 100644 --- a/block/disk-events.c +++ b/block/disk-events.c @@ -190,6 +190,9 @@ static void disk_check_events(struct disk_events *ev, spin_unlock_irq(&ev->lock); + if (!(disk->flags & GENHD_FL_UP)) + return; + /* * Tell userland about new events. Only the events listed in * @disk->events are reported, and only if DISK_EVENT_FLAG_UEVENT @@ -268,6 +271,8 @@ bool bdev_check_media_change(struct block_device *bdev) { unsigned int events; + lockdep_assert_held(&bdev->bd_disk->open_mutex); + events = disk_clear_events(bdev->bd_disk, DISK_EVENT_MEDIA_CHANGE | DISK_EVENT_EJECT_REQUEST); if (!(events & DISK_EVENT_MEDIA_CHANGE)) @@ -290,7 +295,10 @@ static void disk_events_workfn(struct work_struct *work) struct delayed_work *dwork = to_delayed_work(work); struct disk_events *ev = container_of(dwork, struct disk_events, dwork); - disk_check_events(ev, &ev->clearing); + mutex_lock(&ev->disk->open_mutex); + if (ev->disk->flags & GENHD_FL_UP) + disk_check_events(ev, &ev->clearing); + mutex_unlock(&ev->disk->open_mutex); } /* diff --git a/drivers/block/ataflop.c b/drivers/block/ataflop.c index a093644ac39f..b8e77da44235 100644 --- a/drivers/block/ataflop.c +++ b/drivers/block/ataflop.c @@ -1735,8 +1735,10 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, /* invalidate the buffer track to force a reread */ BufferDrive = -1; set_bit(drive, &fake_change); + mutex_lock(&bdev->bd_disk->open_mutex); if (bdev_check_media_change(bdev)) floppy_revalidate(bdev->bd_disk); + mutex_unlock(&bdev->bd_disk->open_mutex); return 0; default: return -EINVAL; diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c index 87460e0e5c72..2a97f22cfa0b 100644 --- a/drivers/block/floppy.c +++ b/drivers/block/floppy.c @@ -3185,8 +3185,10 @@ static int invalidate_drive(struct block_device *bdev) /* invalidate the buffer track to force a reread */ set_bit((long)bdev->bd_disk->private_data, &fake_change); process_fd_request(); + mutex_lock(&bdev->bd_disk->open_mutex); if (bdev_check_media_change(bdev)) floppy_revalidate(bdev->bd_disk); + mutex_unlock(&bdev->bd_disk->open_mutex); return 0; } Hyperstone GmbH | Line-Eid-Strasse 3 | 78467 Konstanz Managing Directors: Dr. Jan Peter Berns. Commercial register of local courts: Freiburg HRB381782
diff --git a/block/genhd.c b/block/genhd.c index 9f8cb7beaad1..46629fbe23ae 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -1655,8 +1655,16 @@ static void disk_check_events(struct disk_events *ev, (disk->event_flags & DISK_EVENT_FLAG_UEVENT)) envp[nr_events++] = disk_uevents[i]; - if (nr_events) - kobject_uevent_env(&disk_to_dev(disk)->kobj, KOBJ_CHANGE, envp); + if (nr_events) { + struct kobject *dev_kobj = kobject_get(&disk_to_dev(disk)->kobj); + /* The device kobject might have been removed in the + * meantime, so check for it first. + * If it was removed there is no need to signal events + */ + if (!dev_kobj) + kobject_uevent_env(dev_kobj, KOBJ_CHANGE, envp); + kobject_put(dev_kobj); + } } /*
Skip kobject_uevent_env in case the associated kobject no longer exists, as calling kobject_uevent_env with NULL is not safe. Signed-off-by: Christian Loehle <cloehle@hyperstone.com> --- block/genhd.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)