block: fix synchronization and limit check in blk_alloc_devt()

commit ce23bba842aee98092225d9576dba47c82352521 upstream.

idr allocation in blk_alloc_devt() wasn't synchronized against lookup
and removal, and its limit check was off by one - 1 << MINORBITS is
the number of minors allowed, not the maximum allowed minor.

Add locking and rename MAX_EXT_DEVT to NR_EXT_DEVT and fix limit
checking.

Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/block/genhd.c b/block/genhd.c
index ac9aeb4..6edf228 100644 (file)
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -26,7 +26,7 @@ static DEFINE_MUTEX(block_class_lock);
 struct kobject *block_depr;
 
 /* for extended dynamic devt allocation, currently only one major is used */
-#define MAX_EXT_DEVT           (1 << MINORBITS)
+#define NR_EXT_DEVT            (1 << MINORBITS)
 
 /* For extended devt allocation.  ext_devt_mutex prevents look up
  * results from going away underneath its user.
@@ -423,19 +423,16 @@ int blk_alloc_devt(struct hd_struct *part, dev_t *devt)
                        return -ENOMEM;
                mutex_lock(&ext_devt_mutex);
                rc = idr_get_new(&ext_devt_idr, part, &idx);
+               if (!rc && idx >= NR_EXT_DEVT) {
+                       idr_remove(&ext_devt_idr, idx);
+                       rc = -EBUSY;
+               }
                mutex_unlock(&ext_devt_mutex);
        } while (rc == -EAGAIN);
 
        if (rc)
                return rc;
 
-       if (idx > MAX_EXT_DEVT) {
-               mutex_lock(&ext_devt_mutex);
-               idr_remove(&ext_devt_idr, idx);
-               mutex_unlock(&ext_devt_mutex);
-               return -EBUSY;
-       }
-
        *devt = MKDEV(BLOCK_EXT_MAJOR, blk_mangle_minor(idx));
        return 0;
 }