[1/8] block: delay freeing the gendisk

Message ID	20210721153523.103818-2-hch@lst.de (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-btrfs-owner@kernel.org> From: Christoph Hellwig <hch@lst.de> To: Jens Axboe <axboe@kernel.dk> Cc: Josef Bacik <josef@toxicpanda.com>, David Sterba <dsterba@suse.com>, linux-block@vger.kernel.org, linux-btrfs@vger.kernel.org Subject: [PATCH 1/8] block: delay freeing the gendisk Date: Wed, 21 Jul 2021 17:35:16 +0200 Message-Id: <20210721153523.103818-2-hch@lst.de> In-Reply-To: <20210721153523.103818-1-hch@lst.de> References: <20210721153523.103818-1-hch@lst.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[1/8] block: delay freeing the gendisk \| expand [1/8] block: delay freeing the gendisk [2/8] block: assert the locking state in delete_partition [3/8] block: grab a device model reference in blkdev_get_no_open [4/8] block: don't grab a reference to the whole device in blkdev_get_part [5/8] btrfs: no need to grab a reference to disk->part0 [6/8] loop: don't grab a reference to the block device [7/8] block: remove bdgrab [8/8] block: remove bdget/bdput

Message ID

20210721153523.103818-2-hch@lst.de (mailing list archive)

State

New, archived

Headers

From: Christoph Hellwig <hch@lst.de>
To: Jens Axboe <axboe@kernel.dk>
Cc: Josef Bacik <josef@toxicpanda.com>,
        David Sterba <dsterba@suse.com>, linux-block@vger.kernel.org,
        linux-btrfs@vger.kernel.org
Subject: [PATCH 1/8] block: delay freeing the gendisk
Date: Wed, 21 Jul 2021 17:35:16 +0200
Message-Id: <20210721153523.103818-2-hch@lst.de>
In-Reply-To: <20210721153523.103818-1-hch@lst.de>
References: <20210721153523.103818-1-hch@lst.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[1/8] block: delay freeing the gendisk | expand

Commit Message

Christoph Hellwig July 21, 2021, 3:35 p.m. UTC

blkdev_get_no_open acquires a reference to the block_device through
the block device inode and then tries to acquire a device model
reference to the gendisk.  But at this point the disk migh already
be freed (although the race is free).  Fix this by only freeing the
gendisk from the whole device bdevs ->free_inode callback as well.

Fixes: 22ae8ce8b892 ("block: simplify bdev/disk lookup in blkdev_get")
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
 block/genhd.c  | 3 +--
 fs/block_dev.c | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)

Comments

Ming Lei July 22, 2021, 2:05 a.m. UTC | #1

On Wed, Jul 21, 2021 at 05:35:16PM +0200, Christoph Hellwig wrote:
> blkdev_get_no_open acquires a reference to the block_device through
> the block device inode and then tries to acquire a device model
> reference to the gendisk.  But at this point the disk migh already
> be freed (although the race is free).  Fix this by only freeing the
> gendisk from the whole device bdevs ->free_inode callback as well.
> 
> Fixes: 22ae8ce8b892 ("block: simplify bdev/disk lookup in blkdev_get")
> Signed-off-by: Christoph Hellwig <hch@lst.de>

Reviewed-by: Ming Lei <ming.lei@redhat.com>

diff --git a/block/genhd.c b/block/genhd.c
index af4d2ab4a633..e6d782714ad3 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -1079,10 +1079,9 @@  static void disk_release(struct device *dev)
 	disk_release_events(disk);
 	kfree(disk->random);
 	xa_destroy(&disk->part_tbl);
-	bdput(disk->part0);
 	if (test_bit(GD_QUEUE_REF, &disk->state) && disk->queue)
 		blk_put_queue(disk->queue);
-	kfree(disk);
+	bdput(disk->part0);
 }
 struct class block_class = {
 	.name		= "block",
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 0c424a0cadaa..9ef4f1fc2cb0 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -812,6 +812,8 @@  static void bdev_free_inode(struct inode *inode)
 	free_percpu(bdev->bd_stats);
 	kfree(bdev->bd_meta_info);
 
+	if (!bdev_is_partition(bdev))
+		kfree(bdev->bd_disk);
 	kmem_cache_free(bdev_cachep, BDEV_I(inode));
 }

[1/8] block: delay freeing the gendisk

Commit Message

Comments

Patch