linux/fs
Mikulas Patocka b87570f5d3 Fix a crash when block device is read and block size is changed at the same time
The kernel may crash when block size is changed and I/O is issued
simultaneously.

Because some subsystems (udev or lvm) may read any block device anytime,
the bug actually puts any code that changes a block device size in
jeopardy.

The crash can be reproduced if you place "msleep(1000)" to
blkdev_get_blocks just before "bh->b_size = max_blocks <<
inode->i_blkbits;".
Then, run "dd if=/dev/ram0 of=/dev/null bs=4k count=1 iflag=direct"
While it is waiting in msleep, run "blockdev --setbsz 2048 /dev/ram0"
You get a BUG.

The direct and non-direct I/O is written with the assumption that block
size does not change. It doesn't seem practical to fix these crashes
one-by-one there may be many crash possibilities when block size changes
at a certain place and it is impossible to find them all and verify the
code.

This patch introduces a new rw-lock bd_block_size_semaphore. The lock is
taken for read during I/O. It is taken for write when changing block
size. Consequently, block size can't be changed while I/O is being
submitted.

For asynchronous I/O, the patch only prevents block size change while
the I/O is being submitted. The block size can change when the I/O is in
progress or when the I/O is being finished. This is acceptable because
there are no accesses to block size when asynchronous I/O is being
finished.

The patch prevents block size changing while the device is mapped with
mmap.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2012-09-26 07:46:40 +02:00
..
9p 9p: Push file_update_time() into v9fs_vm_page_mkwrite() 2012-07-31 01:02:46 +04:00
adfs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
affs affs: use memweight() 2012-07-30 17:25:16 -07:00
afs VFS: Pass mount flags to sget() 2012-07-14 16:38:34 +04:00
autofs4 autofs4 - fix expire check 2012-08-17 06:56:39 -07:00
befs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
bfs don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2012-08-29 11:36:22 -07:00
cachefiles fs: cachefiles: add support for large files in filesystem caching 2012-07-30 17:25:21 -07:00
ceph ceph: avoid divide by zero in __validate_layout() 2012-08-21 15:55:28 -07:00
cifs CIFS: Fix cifs_do_create error hadnling 2012-08-19 22:30:18 -05:00
coda don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
configfs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
cramfs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
debugfs Driver core merge for 3.6-rc1 2012-07-26 11:25:33 -07:00
devpts VFS: Pass mount flags to sget() 2012-07-14 16:38:34 +04:00
dlm dlm: fix missing dir remove 2012-07-16 14:24:43 -05:00
ecryptfs - Fixes a bug when the lower filesystem mount options include 'acl', but the 2012-08-02 10:56:34 -07:00
efs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
exofs block: Add bio_clone_bioset(), bio_clone_kmalloc() 2012-09-09 10:35:39 +02:00
exportfs switch dentry_open() to struct path, make it grab references itself 2012-07-23 00:01:29 +04:00
ext2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
ext3 ext3: nuke write_super from comments 2012-08-04 12:15:32 +04:00
ext4 The following are all bug fixes and regressions. The most notable are 2012-08-17 08:04:47 -07:00
fat Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
freevxfs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
fscache
fuse Merge branch 'vfs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs 2012-08-18 10:02:17 -07:00
gfs2 gfs2: nuke pdflush from comments 2012-08-04 12:15:40 +04:00
hfs hfs: nuke write_super from comments 2012-08-04 12:15:38 +04:00
hfsplus hfsplus: use -ENOMEM when kzalloc() fails 2012-07-30 17:25:19 -07:00
hostfs don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
hpfs don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
hppfs switch dentry_open() to struct path, make it grab references itself 2012-07-23 00:01:29 +04:00
hugetlbfs hugetlb: use mmu_gather instead of a temporary linked list for accumulating pages 2012-07-31 18:42:40 -07:00
isofs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-07-24 17:40:44 -07:00
jbd jbd: don't write superblock when unmounting an ro filesystem 2012-08-15 13:53:30 +02:00
jbd2 The following are all bug fixes and regressions. The most notable are 2012-08-17 08:04:47 -07:00
jffs2 don't expose I_NEW inodes via dentry->d_inode 2012-07-23 00:00:58 +04:00
jfs don't expose I_NEW inodes via dentry->d_inode 2012-07-23 00:00:58 +04:00
lockd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
logfs Pull request from git://github.com/prasad-joshi/logfs_upstream.git 2012-08-26 10:14:11 -07:00
minix minixfs: fix block limit check 2012-07-30 17:25:19 -07:00
ncpfs don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
nfs NFSv3: Ensure that do_proc_get_root() reports errors correctly 2012-08-20 12:52:42 -04:00
nfs_common
nfsd nfsd4: fix security flavor of NFSv4.0 callback 2012-08-20 18:38:36 -04:00
nilfs2 nilfs2: nuke write_super from comments 2012-08-04 12:15:38 +04:00
nls nls: fix (and rename) mac NLS table files and config options 2012-06-01 19:51:22 -07:00
notify switch dentry_open() to struct path, make it grab references itself 2012-07-23 00:01:29 +04:00
ntfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
ocfs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
omfs don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
openpromfs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
proc proc: do not allow negative offsets on /proc/<pid>/environ 2012-07-30 17:25:20 -07:00
pstore pstore/ram: Make tracing log versioned 2012-07-17 16:48:09 -07:00
qnx4 qnx4fs: use memweight() 2012-07-30 17:25:16 -07:00
qnx6 stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
quota quota: Move down dqptr_sem read after initializing default warn[] type at __dquot_alloc_space(). 2012-08-15 00:22:57 +02:00
ramfs don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
reiserfs reiserfs: fix deadlocks with quotas 2012-08-15 00:22:57 +02:00
romfs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
squashfs stop passing nameidata to ->lookup() 2012-07-14 16:34:32 +04:00
sysfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
sysv fs/sysv: stop using write_super and s_dirt 2012-07-22 23:58:12 +04:00
ubifs UBIFS: fix error messages spelling 2012-08-22 17:41:09 +03:00
udf udf: fix retun value on error path in udf_load_logicalvol 2012-08-15 14:23:23 +02:00
ufs fs/ufs: get rid of write_super 2012-07-22 23:58:16 +04:00
xfs xfs: check for possible overflow in xfs_ioc_trim 2012-08-23 14:48:44 -05:00
aio.c aio: now fput() is OK from interrupt context; get rid of manual delayed __fput() 2012-07-22 23:57:59 +04:00
anon_inodes.c
attr.c notify_change(): check that i_mutex is held 2012-07-14 16:35:42 +04:00
bad_inode.c don't pass nameidata to ->create() 2012-07-14 16:34:47 +04:00
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c binfmt_elf: switch elf_map() to vm_mmap/vm_munmap 2012-05-30 21:04:55 -04:00
binfmt_em86.c
binfmt_flat.c binfmt_flat: use vm_munmap, we are missing ->mmap_sem there 2012-05-30 21:04:56 -04:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c block: Ues bi_pool for bio_integrity_alloc() 2012-09-09 10:35:38 +02:00
bio.c block: Implement support for WRITE SAME 2012-09-20 14:31:45 +02:00
block_dev.c Fix a crash when block device is read and block size is changed at the same time 2012-09-26 07:46:40 +02:00
buffer.c block: replace __getblk_slow misfix by grow_dev_page fix 2012-08-23 12:17:36 +02:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c vfs: missed source of ->f_pos races 2012-08-20 10:11:47 -07:00
dcache.c __d_unalias() should refuse to move mountpoints 2012-07-14 16:35:15 +04:00
dcookies.c
direct-io.c block: move down direct IO plugging 2012-08-09 15:23:09 +02:00
drop_caches.c
eventfd.c eventfd: change int to __u64 in eventfd_signal() 2012-05-31 17:49:32 -07:00
eventpoll.c eventpoll: use-after-possible-free in epoll_create1() 2012-08-22 10:26:55 -04:00
exec.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
fcntl.c c/r: fcntl: add F_GETOWNER_UIDS option 2012-07-30 17:25:21 -07:00
fhandle.c
fifo.c fifo: Do not restart open() if it already found a partner 2012-07-16 08:33:14 -07:00
file_table.c fs: Add freezing handling to mnt_want_write() / mnt_drop_write() 2012-07-31 09:40:38 +04:00
file.c
filesystems.c
fs_struct.c get rid of ->mnt_longterm 2012-07-14 16:32:47 +04:00
fs-writeback.c mm: prepare for removal of obsolete /proc/sys/vm/nr_pdflush_threads 2012-07-31 18:42:40 -07:00
generic_acl.c
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
internal.h fs: Add freezing handling to mnt_want_write() / mnt_drop_write() 2012-07-31 09:40:38 +04:00
ioctl.c
ioprio.c Merge branch 'for-3.5/core' of git://git.kernel.dk/linux-block 2012-05-30 08:52:42 -07:00
Kconfig
Kconfig.binfmt
libfs.c VFS: Pass mount flags to sget() 2012-07-14 16:38:34 +04:00
locks.c locks: remove unused lm_release_private 2012-08-01 09:01:46 -07:00
Makefile
mbcache.c
mount.h get rid of magic in proc_namespace.c 2012-07-14 16:32:48 +04:00
mpage.c
namei.c fs: fix fs/namei.c kernel-doc warnings 2012-08-22 10:30:10 -04:00
namespace.c fs: Add freezing handling to mnt_want_write() / mnt_drop_write() 2012-07-31 09:40:38 +04:00
no-block.c
open.c vfs: canonicalize create mode in build_open_flags() 2012-08-15 13:01:24 +02:00
pipe.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
pnode.c VFS: Make clone_mnt()/copy_tree()/collect_mounts() return errors 2012-07-14 16:37:27 +04:00
pnode.h
posix_acl.c
proc_namespace.c get rid of magic in proc_namespace.c 2012-07-14 16:32:48 +04:00
read_write.c vfs: allow custom EOF in generic_file_llseek code 2012-07-23 00:00:15 +04:00
read_write.h
readdir.c switch readdir/getdents to fget_light/fput_light 2012-05-29 23:28:29 -04:00
select.c posix_types.h: Cleanup stale __NFDBITS and related definitions 2012-07-26 13:36:43 -07:00
seq_file.c seq_file: Add seq_vprintf function and export it 2012-06-11 13:16:35 +01:00
signalfd.c switch signalfd4() to fget_light/fput_light 2012-05-29 23:28:30 -04:00
splice.c fs: Protect write paths by sb_start_write - sb_end_write 2012-07-31 09:45:47 +04:00
stack.c
stat.c
statfs.c switch statfs to fget_light/fput_light 2012-05-29 23:28:31 -04:00
super.c vfs: kill write_super and sync_supers 2012-08-04 01:24:44 +04:00
sync.c vfs: Avoid unnecessary WB_SYNC_NONE writeback during sys_sync and reorder sync passes 2012-07-22 23:59:01 +04:00
timerfd.c
utimes.c switch utimes() to fget_light/fput_light 2012-05-29 23:28:32 -04:00
xattr_acl.c
xattr.c fs/xattr.c:getxattr(): improve handling of allocation failures 2012-07-30 17:25:11 -07:00