]>
Commit | Line | Data |
---|---|---|
04fd09d4 SL |
1 | From 8737b6e883ba9693d6fad2ec753df0922facd171 Mon Sep 17 00:00:00 2001 |
2 | From: Guenter Roeck <linux@roeck-us.net> | |
3 | Date: Wed, 6 Feb 2019 21:13:49 -0800 | |
4 | Subject: cdrom: Fix race condition in cdrom_sysctl_register | |
5 | ||
6 | [ Upstream commit f25191bb322dec8fa2979ecb8235643aa42470e1 ] | |
7 | ||
8 | The following traceback is sometimes seen when booting an image in qemu: | |
9 | ||
10 | [ 54.608293] cdrom: Uniform CD-ROM driver Revision: 3.20 | |
11 | [ 54.611085] Fusion MPT base driver 3.04.20 | |
12 | [ 54.611877] Copyright (c) 1999-2008 LSI Corporation | |
13 | [ 54.616234] Fusion MPT SAS Host driver 3.04.20 | |
14 | [ 54.635139] sysctl duplicate entry: /dev/cdrom//info | |
15 | [ 54.639578] CPU: 0 PID: 266 Comm: kworker/u4:5 Not tainted 5.0.0-rc5 #1 | |
16 | [ 54.639578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 | |
17 | [ 54.641273] Workqueue: events_unbound async_run_entry_fn | |
18 | [ 54.641273] Call Trace: | |
19 | [ 54.641273] dump_stack+0x67/0x90 | |
20 | [ 54.641273] __register_sysctl_table+0x50b/0x570 | |
21 | [ 54.641273] ? rcu_read_lock_sched_held+0x6f/0x80 | |
22 | [ 54.641273] ? kmem_cache_alloc_trace+0x1c7/0x1f0 | |
23 | [ 54.646814] __register_sysctl_paths+0x1c8/0x1f0 | |
24 | [ 54.646814] cdrom_sysctl_register.part.7+0xc/0x5f | |
25 | [ 54.646814] register_cdrom.cold.24+0x2a/0x33 | |
26 | [ 54.646814] sr_probe+0x4bd/0x580 | |
27 | [ 54.646814] ? __driver_attach+0xd0/0xd0 | |
28 | [ 54.646814] really_probe+0xd6/0x260 | |
29 | [ 54.646814] ? __driver_attach+0xd0/0xd0 | |
30 | [ 54.646814] driver_probe_device+0x4a/0xb0 | |
31 | [ 54.646814] ? __driver_attach+0xd0/0xd0 | |
32 | [ 54.646814] bus_for_each_drv+0x73/0xc0 | |
33 | [ 54.646814] __device_attach+0xd6/0x130 | |
34 | [ 54.646814] bus_probe_device+0x9a/0xb0 | |
35 | [ 54.646814] device_add+0x40c/0x670 | |
36 | [ 54.646814] ? __pm_runtime_resume+0x4f/0x80 | |
37 | [ 54.646814] scsi_sysfs_add_sdev+0x81/0x290 | |
38 | [ 54.646814] scsi_probe_and_add_lun+0x888/0xc00 | |
39 | [ 54.646814] ? scsi_autopm_get_host+0x21/0x40 | |
40 | [ 54.646814] __scsi_add_device+0x116/0x130 | |
41 | [ 54.646814] ata_scsi_scan_host+0x93/0x1c0 | |
42 | [ 54.646814] async_run_entry_fn+0x34/0x100 | |
43 | [ 54.646814] process_one_work+0x237/0x5e0 | |
44 | [ 54.646814] worker_thread+0x37/0x380 | |
45 | [ 54.646814] ? rescuer_thread+0x360/0x360 | |
46 | [ 54.646814] kthread+0x118/0x130 | |
47 | [ 54.646814] ? kthread_create_on_node+0x60/0x60 | |
48 | [ 54.646814] ret_from_fork+0x3a/0x50 | |
49 | ||
50 | The only sensible explanation is that cdrom_sysctl_register() is called | |
51 | twice, once from the module init function and once from register_cdrom(). | |
52 | cdrom_sysctl_register() is not mutex protected and may happily execute | |
53 | twice if the second call is made before the first call is complete. | |
54 | ||
55 | Use a static atomic to ensure that the function is executed exactly once. | |
56 | ||
57 | Signed-off-by: Guenter Roeck <linux@roeck-us.net> | |
58 | Signed-off-by: Jens Axboe <axboe@kernel.dk> | |
59 | Signed-off-by: Sasha Levin <sashal@kernel.org> | |
60 | --- | |
61 | drivers/cdrom/cdrom.c | 7 +++---- | |
62 | 1 file changed, 3 insertions(+), 4 deletions(-) | |
63 | ||
64 | diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c | |
65 | index 930b49606a8c..ea6558d4864c 100644 | |
66 | --- a/drivers/cdrom/cdrom.c | |
67 | +++ b/drivers/cdrom/cdrom.c | |
68 | @@ -265,6 +265,7 @@ | |
69 | /* #define ERRLOGMASK (CD_WARNING|CD_OPEN|CD_COUNT_TRACKS|CD_CLOSE) */ | |
70 | /* #define ERRLOGMASK (CD_WARNING|CD_REG_UNREG|CD_DO_IOCTL|CD_OPEN|CD_CLOSE|CD_COUNT_TRACKS) */ | |
71 | ||
72 | +#include <linux/atomic.h> | |
73 | #include <linux/module.h> | |
74 | #include <linux/fs.h> | |
75 | #include <linux/major.h> | |
76 | @@ -3689,9 +3690,9 @@ static struct ctl_table_header *cdrom_sysctl_header; | |
77 | ||
78 | static void cdrom_sysctl_register(void) | |
79 | { | |
80 | - static int initialized; | |
81 | + static atomic_t initialized = ATOMIC_INIT(0); | |
82 | ||
83 | - if (initialized == 1) | |
84 | + if (!atomic_add_unless(&initialized, 1, 1)) | |
85 | return; | |
86 | ||
87 | cdrom_sysctl_header = register_sysctl_table(cdrom_root_table); | |
88 | @@ -3702,8 +3703,6 @@ static void cdrom_sysctl_register(void) | |
89 | cdrom_sysctl_settings.debug = debug; | |
90 | cdrom_sysctl_settings.lock = lockdoor; | |
91 | cdrom_sysctl_settings.check = check_media_type; | |
92 | - | |
93 | - initialized = 1; | |
94 | } | |
95 | ||
96 | static void cdrom_sysctl_unregister(void) | |
97 | -- | |
98 | 2.19.1 | |
99 |