From patchwork Wed Mar 30 00:46:31 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ming Lei X-Patchwork-Id: 8691821 Return-Path: X-Original-To: patchwork-linux-block@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 3FB12C0553 for ; Wed, 30 Mar 2016 00:46:50 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 5D6F020351 for ; Wed, 30 Mar 2016 00:46:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 374FE20166 for ; Wed, 30 Mar 2016 00:46:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752750AbcC3Aqr (ORCPT ); Tue, 29 Mar 2016 20:46:47 -0400 Received: from mail-pf0-f194.google.com ([209.85.192.194]:35378 "EHLO mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751128AbcC3Aqq (ORCPT ); Tue, 29 Mar 2016 20:46:46 -0400 Received: by mail-pf0-f194.google.com with SMTP id t66so796481pfb.2; Tue, 29 Mar 2016 17:46:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=2dK+udcqY0sPiLu5gC0knQ5Ubqb+VtLuTgq717I9xRs=; b=Wr8giosd7LWcsd4b8JtsCoczN0KTl9iLIwDMGFiOPhPPwCds/UrF86uTtSLcBcytEw onkBht5xv99+HFYCJmRH8/B7eY/VcyHBO7cfKhonJ94RrF1mhELAsLKm5NjPKILX1O+f Py5dnl62fWnfodcQ6iH/Vjh7x22gite7O4OK9l0KH0HTA2UTXEMZzOhtq002WwLpn2FJ ZwqdqDlv8gETTXkK+vMA3vk64w+JEheRO5XTjhHPKpmK2/oyiy7jgt2Vpqj9uTS82rJL Eet4zaxUvlVFJ2iJ8J192+doRKAlDyP2qjRmy39iy/9TgpN7k3Mh5FWjCqIum9jjO/k5 a7ZQ== X-Gm-Message-State: AD7BkJJqMixAE8hwGcvQGCcou3R1lEAoQ3DtD0XKz0A/8N1WMizYBDHKnyUFSyKd42z5Vg== X-Received: by 10.98.31.79 with SMTP id f76mr8251182pff.92.1459298805355; Tue, 29 Mar 2016 17:46:45 -0700 (PDT) Received: from localhost (45-125-195-13.ip4.readyserver.sg. [45.125.195.13]) by smtp.gmail.com with ESMTPSA id q20sm1007674pfi.63.2016.03.29.17.46.41 (version=TLS1_2 cipher=AES128-SHA bits=128/128); Tue, 29 Mar 2016 17:46:44 -0700 (PDT) From: Ming Lei To: Jens Axboe , linux-kernel@vger.kernel.org Cc: linux-block@vger.kernel.org, Christoph Hellwig , Naveen Kaje , Ming Lei , Subject: [PATCH] block: partition: initialize percpuref before sending out KOBJ_ADD Date: Wed, 30 Mar 2016 08:46:31 +0800 Message-Id: <1459298791-32447-1-git-send-email-ming.lei@canonical.com> X-Mailer: git-send-email 1.9.1 Sender: linux-block-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RCVD_IN_SBL, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The initialization of partition's percpu_ref should have been done before sending out KOBJ_ADD uevent, which may cause userspace to read partition table. So the uninitialized percpu_ref may be accessed in data path. This patch fixes this issue reported by Naveen. Reported-by: Naveen Kaje Tested-by: Naveen Kaje Fixes: 6c71013ecb7e2(block: partition: convert percpu ref) Cc: # v4.3+ Signed-off-by: Ming Lei --- block/partition-generic.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/block/partition-generic.c b/block/partition-generic.c index 5d87019..84c53f0 100644 --- a/block/partition-generic.c +++ b/block/partition-generic.c @@ -361,15 +361,20 @@ struct hd_struct *add_partition(struct gendisk *disk, int partno, goto out_del; } + err = hd_ref_init(p); + if (err) { + if (flags & ADDPART_FLAG_WHOLEDISK) + goto out_remove_file; + goto out_del; + } + /* everything is up and running, commence */ rcu_assign_pointer(ptbl->part[partno], p); /* suppress uevent if the disk suppresses it */ if (!dev_get_uevent_suppress(ddev)) kobject_uevent(&pdev->kobj, KOBJ_ADD); - - if (!hd_ref_init(p)) - return p; + return p; out_free_info: free_part_info(p); @@ -378,6 +383,8 @@ out_free_stats: out_free: kfree(p); return ERR_PTR(err); +out_remove_file: + device_remove_file(pdev, &dev_attr_whole_disk); out_del: kobject_put(p->holder_dir); device_del(pdev);