Re: [PATCH v2 0/7] bdi: fix use-after-free for bdi device
From: "Theodore Y. Ts'o" <tytso@mit.edu>
Date: 2020-03-04 19:03:15
Also in:
linux-fsdevel
On Wed, Mar 04, 2020 at 06:29:07PM +0100, Greg KH wrote:
> The rule should be, "whenever you pass a pointer to a device off, the reference count is incremented". Somehow that is not happening here and RCU is not going to solve the issue really, it's only going to delay the problem from showing up until much later.
>
> ...
>
> The struct device refcount should be all that is needed, don't use RCU just to "delay freeing this object until some later time because someone else might have a pointer to it". That's ripe for disaster.
I agree that this is a better fix than trying to continue to paper over the problem. That being said, I also think it would be better if we could *also* send a notification to the file system (or device mapper) when a block device has disappeared, so we can set a flag in struct super indicating, "this is an ex-device", so that we don't have to have potentially hundreds of I/O errors clogging up the console and/or any error notification infrastructure we might want to add in the future, as we attempt to send I/O to a device that is not coming back. This would allow us to short-circuit things like writeback, instead of letting everything drain via pointless io_submits sending bios that will never go anywhere useful.

- Ted