hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IBIWBN CVE: NA ---------------------------------------- For concurrent brd_probe(), the first one will create brd disk and set partition number to 0, however, the second one will found the brd disk and keep the partition number as disk fist minor. This will case AA deadlock for the caller because bdev is part0 while bdev->bd_partno is not zero. Fix the problem by always return NULL in brd_probe, hence brd_probe() will be covered by exact_match() from __device_add_disk(). Fixes: 937af5ecd059 ("brd: Fix all partitions BUGs") Signed-off-by: Yu Kuai <yukuai3@huawei.com> --- drivers/block/brd.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/drivers/block/brd.c b/drivers/block/brd.c index 02e8fff3f828..fc1abcf760ad 100644 --- a/drivers/block/brd.c +++ b/drivers/block/brd.c @@ -418,15 +418,13 @@ static void brd_free(struct brd_device *brd) kfree(brd); } -static struct brd_device *brd_init_one(int i, bool *new) +static void brd_init_one(int i) { struct brd_device *brd; - *new = false; - list_for_each_entry(brd, &brd_devices, brd_list) { + list_for_each_entry(brd, &brd_devices, brd_list) if (brd->brd_number == i) - goto out; - } + return; brd = brd_alloc(i); if (brd) { @@ -434,9 +432,6 @@ static struct brd_device *brd_init_one(int i, bool *new) add_disk(brd->brd_disk); list_add_tail(&brd->brd_list, &brd_devices); } - *new = true; -out: - return brd; } static void brd_del_one(struct brd_device *brd) @@ -448,19 +443,11 @@ static void brd_del_one(struct brd_device *brd) static struct kobject *brd_probe(dev_t dev, int *part, void *data) { - struct brd_device *brd; - struct kobject *kobj; - bool new; - mutex_lock(&brd_devices_mutex); - brd = brd_init_one(MINOR(dev) / max_part, &new); - kobj = brd ? get_disk_and_module(brd->brd_disk) : NULL; + brd_init_one(MINOR(dev) / max_part); mutex_unlock(&brd_devices_mutex); - if (new) - *part = 0; - - return kobj; + return NULL; } static inline void brd_check_and_reset_par(void) -- 2.39.2