Commit 3c522ced authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Linus Torvalds

block: fix refcounting in BLKBSZSET

Adam Kovari and others reported that disconnecting an USB drive with
an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
be triggered.

The BUG could be traced back to ioctl(BLKBSZSET), which would
erroneously decrement the refcount on the bdev.  This is because
blkdev_get() expects the refcount to be already incremented and either
returns success or decrements the refcount and returns an error.

The bug was introduced by e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().

This fixes
  https://bugzilla.kernel.org/show_bug.cgi?id=29202
(and likely 29792 too)
Reported-by: default avatarAdam Kovari <kovariadam@gmail.com>
Acked-by: default avatarTejun Heo <tj@kernel.org>
Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent dcace5ac
...@@ -294,9 +294,11 @@ int blkdev_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd, ...@@ -294,9 +294,11 @@ int blkdev_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd,
return -EINVAL; return -EINVAL;
if (get_user(n, (int __user *) arg)) if (get_user(n, (int __user *) arg))
return -EFAULT; return -EFAULT;
if (!(mode & FMODE_EXCL) && if (!(mode & FMODE_EXCL)) {
blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0) bdgrab(bdev);
if (blkdev_get(bdev, mode | FMODE_EXCL, &bdev) < 0)
return -EBUSY; return -EBUSY;
}
ret = set_blocksize(bdev, n); ret = set_blocksize(bdev, n);
if (!(mode & FMODE_EXCL)) if (!(mode & FMODE_EXCL))
blkdev_put(bdev, mode | FMODE_EXCL); blkdev_put(bdev, mode | FMODE_EXCL);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment