author | Miklos Szeredi <mszeredi@suse.cz> | 2011-02-24 09:45:41 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-02-24 11:54:21 -0500 |
commit | 3c522cedb572bb8d2e4867f358bdaa7d0c53d88c (patch) | |
tree | b348cabd2574638702f9abcccd0b8b711b136162 | |
parent | dcace5ac85c628af21878a1fa151e5e6403fb8eb (diff) |
block: fix refcounting in BLKBSZSET
Adam Kovari and others reported that disconnecting a USB drive with
an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
be triggered.
The BUG could be traced back to ioctl(BLKBSZSET), which would
erroneously decrement the refcount on the bdev. This is because
blkdev_get() expects the refcount to be already incremented and either
returns success or decrements the refcount and returns an error.
The bug was introduced by e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().
This fixes
https://bugzilla.kernel.org/show_bug.cgi?id=29202
(and likely 29792 too)
Reported-by: Adam Kovari <kovariadam@gmail.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | block/ioctl.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/block/ioctl.c b/block/ioctl.c index 9049d460fa89..1124cd297263 100644 --- a/block/ioctl.c +++ b/block/ioctl.c | |||
@@ -294,9 +294,11 @@ int blkdev_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd, | |||
294 | return -EINVAL; | 294 | return -EINVAL; |
295 | if (get_user(n, (int __user *) arg)) | 295 | if (get_user(n, (int __user *) arg)) |
296 | return -EFAULT; | 296 | return -EFAULT; |
297 | if (!(mode & FMODE_EXCL) && | 297 | if (!(mode & FMODE_EXCL)) { |
298 | blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0) | 298 | bdgrab(bdev); |
299 | return -EBUSY; | 299 | if (blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0) |
300 | return -EBUSY; | ||
301 | } | ||
300 | ret = set_blocksize(bdev, n); | 302 | ret = set_blocksize(bdev, n); |
301 | if (!(mode & FMODE_EXCL)) | 303 | if (!(mode & FMODE_EXCL)) |
302 | blkdev_put(bdev, mode | FMODE_EXCL); | 304 | blkdev_put(bdev, mode | FMODE_EXCL); |
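Review bot: the added bdgrab(bdev) inside the new `if (!(mode & FMODE_EXCL)) {` block has no comment explaining why a reference is taken immediately before blkdev_get(). The commit message states that blkdev_get() expects the refcount to be already incremented and drops it itself on error, but nothing at the call site records that contract, and it is the same assumption the message says e525fd89 missed. A one-line comment above bdgrab() would help, for example "blkdev_get() drops this reference on failure; on success it is released by the blkdev_put() below", so that the early `return -EBUSY` is not later mistaken for a leak and the bdgrab() is not removed again as redundant.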