Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/miscfs/specfs specfs: Refuse to open a closing-in-progre...



details:   https://anonhg.NetBSD.org/src/rev/8668ef2e6f62
branches:  trunk
changeset: 368920:8668ef2e6f62
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Fri Aug 12 21:25:39 2022 +0000

description:
specfs: Refuse to open a closing-in-progress block device.

We could wait for close to complete, but if this happened ever so
slightly earlier it would lead to EBUSY anyway, so there's no point
in adding logic for that -- either way the caller neglected to wait
for the last close to finish before trying to open it the device
again.

https://mail-index.netbsd.org/current-users/2022/08/09/msg042800.html

Reported-by: syzbot+4388f20706ec8a4c8db0%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=47c67ab6d3a87514d0707882a9ad6671beaa8642

Reported-by: syzbot+0f1756652dce4cb341ed%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=a632ce762d64241fc82a9bc57230b7b7c7095d1a

diffstat:

 sys/miscfs/specfs/spec_vnops.c |  11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diffs (33 lines):

diff -r a282534b8a72 -r 8668ef2e6f62 sys/miscfs/specfs/spec_vnops.c
--- a/sys/miscfs/specfs/spec_vnops.c    Fri Aug 12 19:13:36 2022 +0000
+++ b/sys/miscfs/specfs/spec_vnops.c    Fri Aug 12 21:25:39 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: spec_vnops.c,v 1.213 2022/08/12 17:06:01 riastradh Exp $       */
+/*     $NetBSD: spec_vnops.c,v 1.214 2022/08/12 21:25:39 riastradh Exp $       */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -58,7 +58,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spec_vnops.c,v 1.213 2022/08/12 17:06:01 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spec_vnops.c,v 1.214 2022/08/12 21:25:39 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/proc.h>
@@ -789,8 +789,13 @@
                 *
                 * Treat zero opencnt with non-NULL mountpoint as open.
                 * This may happen after forced detach of a mounted device.
+                *
+                * Also treat sd_closing, meaning there is a concurrent
+                * close in progress, as still open.
                 */
-               if (sd->sd_opencnt != 0 || sd->sd_mountpoint != NULL) {
+               if (sd->sd_opencnt != 0 ||
+                   sd->sd_mountpoint != NULL ||
+                   sd->sd_closing) {
                        error = EBUSY;
                        break;
                }



Home | Main Index | Thread Index | Old Index