From: Yufen Yu <yuyufen@huawei.com>
To: Christoph Hellwig <hch@lst.de>, <axboe@kernel.dk>
Cc: <tj@kernel.org>, <jack@suse.cz>, <bvanassche@acm.org>,
<tytso@mit.edu>, <gregkh@linuxfoundation.org>,
<linux-block@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 3/8] bdi: add a ->dev_name field to struct backing_dev_info
Date: Thu, 16 Apr 2020 16:34:13 +0800 [thread overview]
Message-ID: <5bfcd35a-2463-3769-be93-911c4e3c38bb@huawei.com> (raw)
In-Reply-To: <20200416071519.807660-4-hch@lst.de>
Hi,
On 2020/4/16 15:15, Christoph Hellwig wrote:
> Cache a copy of the name for the life time of the backing_dev_info
> structure so that we can reference it even after unregistering.
>
> Fixes: 68f23b89067f ("memcg: fix a crash in wb_workfn when a device disappears")
> Reported-by: Yufen Yu <yuyufen@huawei.com>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> include/linux/backing-dev-defs.h | 1 +
> mm/backing-dev.c | 13 ++++++++++---
> 2 files changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h
> index 4fc87dee005a..249590bcccf7 100644
> --- a/include/linux/backing-dev-defs.h
> +++ b/include/linux/backing-dev-defs.h
> @@ -220,6 +220,7 @@ struct backing_dev_info {
> wait_queue_head_t wb_waitq;
>
> struct device *dev;
> + const char *dev_name;
> struct device *owner;
>
> struct timer_list laptop_mode_wb_timer;
> diff --git a/mm/backing-dev.c b/mm/backing-dev.c
> index c2c44c89ee5d..4f6c05df72f9 100644
> --- a/mm/backing-dev.c
> +++ b/mm/backing-dev.c
> @@ -938,9 +938,15 @@ int bdi_register_va(struct backing_dev_info *bdi, const char *fmt, va_list args)
> if (bdi->dev) /* The driver needs to use separate queues per device */
> return 0;
>
> - dev = device_create_vargs(bdi_class, NULL, MKDEV(0, 0), bdi, fmt, args);
> - if (IS_ERR(dev))
> + bdi->dev_name = kvasprintf(GFP_KERNEL, fmt, args);
> + if (!bdi->dev_name)
> + return -ENOMEM;
> +
> + dev = device_create(bdi_class, NULL, MKDEV(0, 0), bdi, bdi->dev_name);
> + if (IS_ERR(dev)) {
> + kfree(bdi->dev_name);
> return PTR_ERR(dev);
> + }
>
> cgwb_bdi_register(bdi);
> bdi->dev = dev;
> @@ -1034,6 +1040,7 @@ static void release_bdi(struct kref *ref)
> WARN_ON_ONCE(bdi->dev);
> wb_exit(&bdi->wb);
> cgwb_bdi_exit(bdi);
> + kfree(bdi->dev_name);
> kfree(bdi);
> }
When driver try to to re-register bdi but without release_bdi(), the old dev_name
will be cover directly by the newer in bdi_register_va(). So, I am not sure whether
it can cause memory leak for bdi->dev_name.
Thanks,
Yufen
>
> @@ -1047,7 +1054,7 @@ const char *bdi_dev_name(struct backing_dev_info *bdi)
> {
> if (!bdi || !bdi->dev)
> return bdi_unknown_name;
> - return dev_name(bdi->dev);
> + return bdi->dev_name;
> }
> EXPORT_SYMBOL_GPL(bdi_dev_name);
next prev parent reply other threads:[~2020-04-16 8:35 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-16 7:15 bdi: fix use-after-free for dev_name(bdi->dev) Christoph Hellwig
2020-04-16 7:15 ` [PATCH 1/8] bdi: move bdi_dev_name out of line Christoph Hellwig
2020-04-16 7:52 ` Greg KH
2020-04-16 12:32 ` Jan Kara
2020-04-16 7:15 ` [PATCH 2/8] bdi: use bdi_dev_name() to get device name Christoph Hellwig
2020-04-16 7:52 ` Greg KH
2020-04-16 7:15 ` [PATCH 3/8] bdi: add a ->dev_name field to struct backing_dev_info Christoph Hellwig
2020-04-16 7:52 ` Greg KH
2020-04-16 8:34 ` Yufen Yu [this message]
2020-04-16 12:02 ` Jan Kara
2020-04-16 12:19 ` Christoph Hellwig
2020-04-16 12:22 ` Christoph Hellwig
2020-04-16 12:31 ` Jan Kara
2020-04-16 7:15 ` [PATCH 4/8] driver core: remove device_create_vargs Christoph Hellwig
2020-04-16 7:52 ` Greg KH
2020-04-16 7:15 ` [PATCH 5/8] bdi: unexport bdi_register_va Christoph Hellwig
2020-04-16 7:53 ` Greg KH
2020-04-16 12:03 ` Jan Kara
2020-04-16 7:15 ` [PATCH 6/8] bdi: remove bdi_register_owner Christoph Hellwig
2020-04-16 7:53 ` Greg KH
2020-04-16 12:05 ` Jan Kara
2020-04-16 7:15 ` [PATCH 7/8] bdi: simplify bdi_alloc Christoph Hellwig
2020-04-16 7:54 ` Greg KH
2020-04-16 12:06 ` Jan Kara
2020-04-16 7:15 ` [PATCH 8/8] bdi: remove the name field in struct backing_dev_info Christoph Hellwig
2020-04-16 7:54 ` Greg KH
2020-04-16 12:23 ` Jan Kara
2020-04-16 15:29 ` bdi: fix use-after-free for dev_name(bdi->dev) Jens Axboe
2020-04-16 15:29 ` Christoph Hellwig
2020-04-16 15:30 ` Jens Axboe
2020-04-16 16:54 bdi: fix use-after-free for dev_name(bdi->dev) v2 Christoph Hellwig
2020-04-16 16:54 ` [PATCH 3/8] bdi: add a ->dev_name field to struct backing_dev_info Christoph Hellwig
2020-04-17 8:59 ` Jan Kara
2020-04-17 13:01 ` Christoph Hellwig
2020-04-20 11:41 ` Hans de Goede
2020-04-20 11:58 ` Christoph Hellwig
2020-04-21 12:42 ` Hans de Goede
2020-04-18 15:40 ` Bart Van Assche
2020-04-19 7:58 ` Christoph Hellwig
2020-04-19 15:29 ` Bart Van Assche
2020-04-19 16:06 ` Christoph Hellwig
2020-04-20 7:48 ` Christoph Hellwig
2020-04-20 9:52 ` Jan Kara
2020-04-20 9:49 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5bfcd35a-2463-3769-be93-911c4e3c38bb@huawei.com \
--to=yuyufen@huawei.com \
--cc=axboe@kernel.dk \
--cc=bvanassche@acm.org \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tj@kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.