There is a race between dev_create() and find_device().
If the mdptr has not yet been stored against a device,
find_device() needs to behave as though no device was
found. It already returns NULL, but there is a dm_put()
missing: it must drop the reference dm_get_md() took.
The bug was introduced by dm-fix-mapped-device-ref-counting.patch.
It manifests itself if another dm ioctl attempts to reference a
newly-created device while the device creation ioctl is still running.
The consequence is that the device cannot be removed until the machine
is rebooted. Certain udev configurations can lead to this happening.
Signed-off-by: Alasdair G Kergon <[email protected]>
Cc: [email protected]
Index: linux-2.6.19-rc4/drivers/md/dm-ioctl.c
===================================================================
--- linux-2.6.19-rc4.orig/drivers/md/dm-ioctl.c 2006-11-07 17:06:30.000000000 +0000
+++ linux-2.6.19-rc4/drivers/md/dm-ioctl.c 2006-11-07 17:07:53.000000000 +0000
@@ -606,9 +606,14 @@ static struct hash_cell *__find_device_h
return __get_name_cell(param->name);
md = dm_get_md(huge_decode_dev(param->dev));
- if (md)
- mdptr = dm_get_mdptr(md);
+ if (!md)
+ goto out;
+ mdptr = dm_get_mdptr(md);
+ if (!mdptr)
+ dm_put(md);
+
+out:
return mdptr;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
