remarkable-linux/drivers/mtd
Brian Norris 073db4a51e mtd: fix: avoid race condition when accessing mtd->usecount
On a MIPS 32-cores machine a BUG_ON was triggered because some accesses to
mtd->usecount were done without taking mtd_table_mutex.
kernel: Call Trace:
kernel: [<ffffffff80401818>] __put_mtd_device+0x20/0x50
kernel: [<ffffffff804086f4>] blktrans_release+0x8c/0xd8
kernel: [<ffffffff802577e0>] __blkdev_put+0x1a8/0x200
kernel: [<ffffffff802579a4>] blkdev_close+0x1c/0x30
kernel: [<ffffffff8022006c>] __fput+0xac/0x250
kernel: [<ffffffff80171208>] task_work_run+0xd8/0x120
kernel: [<ffffffff8012c23c>] work_notifysig+0x10/0x18
kernel:
kernel:
        Code: 2442ffff  ac8202d8  000217fe <00020336> dc820128  10400003
               00000000  0040f809  00000000
kernel: ---[ end trace 080fbb4579b47a73 ]---

Fixed by taking the mutex in blktrans_open and blktrans_release.

Note that this locking is already suggested in
include/linux/mtd/blktrans.h:

struct mtd_blktrans_ops {
...
	/* Called with mtd_table_mutex held; no race with add/remove */
	int (*open)(struct mtd_blktrans_dev *dev);
	void (*release)(struct mtd_blktrans_dev *dev);
...
};

But we weren't following it.

Originally reported by (and patched by) Zhang and Giuseppe,
independently. Improved and rewritten.

Cc: stable@vger.kernel.org
Reported-by: Zhang Xingcai <zhangxingcai@huawei.com>
Reported-by: Giuseppe Cantavenera <giuseppe.cantavenera.ext@nokia.com>
Tested-by: Giuseppe Cantavenera <giuseppe.cantavenera.ext@nokia.com>
Acked-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2015-05-12 10:59:53 -07:00
chips mtd: cfi: clean up some indenting 2015-03-30 18:01:04 -07:00
devices mtd: m25p80: remove unused flash entries from id_table 2015-05-07 00:18:24 -07:00
lpddr mtd: lpddr: fix Kconfig dependency, for I/O accessors 2014-05-26 10:38:25 -07:00
maps mtd: constify of_device_id array 2015-05-06 23:44:07 -07:00
nand mtd: nand: add common DT init code 2015-05-11 16:22:29 -07:00
onenand mtd: samsung: Constify platform_device_id 2015-05-07 00:13:24 -07:00
spi-nor mtd: spi-nor: add support for the ISSI SI25CD512 SPI flash 2015-05-07 00:18:24 -07:00
tests mtd: Make MTD tests cancelable 2015-04-05 18:12:53 -07:00
ubi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
Kconfig mtd: part: Create the master device node when partitioned 2015-04-05 17:44:01 -07:00
Makefile mtd: spi-nor: shorten Kconfig naming 2014-04-14 11:23:01 -07:00
afs.c mtd: make register_mtd_parser return void 2014-01-03 11:22:22 -08:00
ar7part.c mtd: make register_mtd_parser return void 2014-01-03 11:22:22 -08:00
bcm47xxpart.c mtd: bcm47xxpart: support SquashFS with an original magic 2015-01-07 12:24:23 -08:00
bcm63xxpart.c mtd: make register_mtd_parser return void 2014-01-03 11:22:22 -08:00
cmdlinepart.c mtd: cmdlinepart: Spelling s/trucate/truncate/ 2014-07-02 15:17:15 -07:00
ftl.c mtd/ftl: fix the double free of the buffers allocated in build_maps() 2014-07-14 18:41:20 -07:00
inftlcore.c mtd: nand: add a helper to detect the nand type 2013-10-27 16:27:06 -07:00
inftlmount.c mtd: intflmount: fix off by one error in INFTL_dumpVUchains() 2014-11-05 13:19:21 -08:00
mtd_blkdevs.c mtd: fix: avoid race condition when accessing mtd->usecount 2015-05-12 10:59:53 -07:00
mtdblock.c mtd: mtdblock: remove the needless mtdblks_lock 2015-01-07 12:51:56 -08:00
mtdblock_ro.c mtd: Move major number definitions to major.h 2013-11-06 23:32:59 -08:00
mtdchar.c fs: introduce f_op->mmap_capabilities for nommu mmap support 2015-01-20 14:02:58 -07:00
mtdconcat.c MTD updates for 3.20-rc1 2015-02-18 08:01:44 -08:00
mtdcore.c mtd: Switch to PM ops 2015-05-07 00:18:22 -07:00
mtdcore.h mtd: merge mtdchar module with mtdcore 2013-04-05 13:16:54 +01:00
mtdoops.c
mtdpart.c mtd: part: Remove partition overlap checks 2015-04-05 17:44:03 -07:00
mtdsuper.c mtd: Move major number definitions to major.h 2013-11-06 23:32:59 -08:00
mtdswap.c mtd: use __packed shorthand 2014-08-19 11:53:08 -07:00
nftlcore.c mtd: nand: add a helper to detect the nand type 2013-10-27 16:27:06 -07:00
nftlmount.c mtd: nftl: reorganize operations in condition check 2015-01-09 15:26:29 -08:00
ofpart.c mtd: make register_mtd_parser return void 2014-01-03 11:22:22 -08:00
redboot.c mtd: make register_mtd_parser return void 2014-01-03 11:22:22 -08:00
rfd_ftl.c mtd: remove some duplicative checks 2014-03-10 22:42:25 -07:00
sm_ftl.c mtd: sm_ftl: initialize error code 2014-08-19 11:53:07 -07:00
sm_ftl.h
ssfdc.c mtd: nand: add a helper to detect the nand type 2013-10-27 16:27:06 -07:00