diff options
author | Josh Durgin <josh.durgin@inktank.com> | 2013-09-30 17:09:54 -0700 |
---|---|---|
committer | Josh Durgin <josh.durgin@inktank.com> | 2014-06-10 18:09:25 -0700 |
commit | 77f33c03739697d01c2e730e4c2610424059ceaf (patch) | |
tree | ef743e8e3760b1c8f0db3a12f4b97d9102c65d44 /drivers/block | |
parent | 131fd9f6fc89ad2cc993f80664d18ca49d6f8483 (diff) | |
download | op-kernel-dev-77f33c03739697d01c2e730e4c2610424059ceaf.zip op-kernel-dev-77f33c03739697d01c2e730e4c2610424059ceaf.tar.gz |
rbd: move calls that may sleep out of spin lock range
get_user() and set_disk_ro() may allocate memory, leading to a
potential deadlock if theye are called while a spin lock is held.
Move the acquisition and release of rbd_dev->lock from rbd_ioctl()
into rbd_ioctl_set_ro(), so it can occur between get_user() and
set_disk_ro().
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Diffstat (limited to 'drivers/block')
-rw-r--r-- | drivers/block/rbd.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index 1c88fba..6423f6e 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -561,9 +561,12 @@ static void rbd_release(struct gendisk *disk, fmode_t mode) static int rbd_ioctl_set_ro(struct rbd_device *rbd_dev, unsigned long arg) { + int ret = 0; int val; bool ro; + bool ro_changed = false; + /* get_user() may sleep, so call it before taking rbd_dev->lock */ if (get_user(val, (int __user *)(arg))) return -EFAULT; @@ -572,12 +575,25 @@ static int rbd_ioctl_set_ro(struct rbd_device *rbd_dev, unsigned long arg) if (rbd_dev->spec->snap_id != CEPH_NOSNAP && !ro) return -EROFS; + spin_lock_irq(&rbd_dev->lock); + /* prevent others open this device */ + if (rbd_dev->open_count > 1) { + ret = -EBUSY; + goto out; + } + if (rbd_dev->mapping.read_only != ro) { rbd_dev->mapping.read_only = ro; - set_disk_ro(rbd_dev->disk, ro ? 1 : 0); + ro_changed = true; } - return 0; +out: + spin_unlock_irq(&rbd_dev->lock); + /* set_disk_ro() may sleep, so call it after releasing rbd_dev->lock */ + if (ret == 0 && ro_changed) + set_disk_ro(rbd_dev->disk, ro ? 1 : 0); + + return ret; } static int rbd_ioctl(struct block_device *bdev, fmode_t mode, @@ -586,13 +602,6 @@ static int rbd_ioctl(struct block_device *bdev, fmode_t mode, struct rbd_device *rbd_dev = bdev->bd_disk->private_data; int ret = 0; - spin_lock_irq(&rbd_dev->lock); - /* prevent others open this device */ - if (rbd_dev->open_count > 1) { - ret = -EBUSY; - goto out; - } - switch (cmd) { case BLKROSET: ret = rbd_ioctl_set_ro(rbd_dev, arg); @@ -601,8 +610,6 @@ static int rbd_ioctl(struct block_device *bdev, fmode_t mode, ret = -ENOTTY; } -out: - spin_unlock_irq(&rbd_dev->lock); return ret; } |