CVS commit: src/sys/miscfs/specfs

Fri, 12 Aug 2022 14:25:48 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Fri Aug 12 21:25:39 UTC 2022

Modified Files:
        src/sys/miscfs/specfs: spec_vnops.c

Log Message:
specfs: Refuse to open a closing-in-progress block device.

We could wait for close to complete, but if this happened ever so
slightly earlier it would lead to EBUSY anyway, so there's no point
in adding logic for that -- either way the caller neglected to wait
for the last close to finish before trying to open it the device
again.

https://mail-index.netbsd.org/current-users/2022/08/09/msg042800.html

Reported-by: syzbot+4388f20706ec8a4c8...@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=47c67ab6d3a87514d0707882a9ad6671beaa8642

Reported-by: syzbot+0f1756652dce4cb34...@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=a632ce762d64241fc82a9bc57230b7b7c7095d1a


To generate a diff of this commit:
cvs rdiff -u -r1.213 -r1.214 src/sys/miscfs/specfs/spec_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/miscfs/specfs/spec_vnops.c
diff -u src/sys/miscfs/specfs/spec_vnops.c:1.213 src/sys/miscfs/specfs/spec_vnops.c:1.214
--- src/sys/miscfs/specfs/spec_vnops.c:1.213	Fri Aug 12 17:06:01 2022
+++ src/sys/miscfs/specfs/spec_vnops.c	Fri Aug 12 21:25:39 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: spec_vnops.c,v 1.213 2022/08/12 17:06:01 riastradh Exp $	*/
+/*	$NetBSD: spec_vnops.c,v 1.214 2022/08/12 21:25:39 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -58,7 +58,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spec_vnops.c,v 1.213 2022/08/12 17:06:01 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spec_vnops.c,v 1.214 2022/08/12 21:25:39 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/proc.h>
@@ -789,8 +789,13 @@ spec_open(void *v)
 		 *
 		 * Treat zero opencnt with non-NULL mountpoint as open.
 		 * This may happen after forced detach of a mounted device.
+		 *
+		 * Also treat sd_closing, meaning there is a concurrent
+		 * close in progress, as still open.
 		 */
-		if (sd->sd_opencnt != 0 || sd->sd_mountpoint != NULL) {
+		if (sd->sd_opencnt != 0 ||
+		    sd->sd_mountpoint != NULL ||
+		    sd->sd_closing) {
 			error = EBUSY;
 			break;
 		}

Reply via email to