From: Bart Van Assche <bvanassche@acm.org>
To: Luis Chamberlain <mcgrof@kernel.org>,
axboe@kernel.dk, viro@zeniv.linux.org.uk,
gregkh@linuxfoundation.org, rostedt@goodmis.org,
mingo@redhat.com, jack@suse.cz, ming.lei@redhat.com,
nstange@suse.de, akpm@linux-foundation.org
Cc: mhocko@suse.com, yukuai3@huawei.com, martin.petersen@oracle.com,
jejb@linux.ibm.com, linux-block@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, Omar Sandoval <osandov@fb.com>,
Hannes Reinecke <hare@suse.com>, Michal Hocko <mhocko@kernel.org>,
syzbot+603294af2d01acfdd6da@syzkaller.appspotmail.com
Subject: Re: [PATCH v7 6/8] blktrace: fix debugfs use after free
Date: Sat, 20 Jun 2020 10:31:51 -0700 [thread overview]
Message-ID: <75c3a94d-dcd1-05e4-47c6-db65f074136a@acm.org> (raw)
In-Reply-To: <20200619204730.26124-7-mcgrof@kernel.org>
On 2020-06-19 13:47, Luis Chamberlain wrote:
> This goes tested with:
^^^^
got?
> diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
> index 7ff2ea5cd05e..e6e2d25fdbd6 100644
> --- a/kernel/trace/blktrace.c
> +++ b/kernel/trace/blktrace.c
> @@ -524,10 +524,18 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev,
> if (!bt->msg_data)
> goto err;
>
> - ret = -ENOENT;
> -
> - dir = debugfs_lookup(buts->name, blk_debugfs_root);
> - if (!dir)
> +#ifdef CONFIG_BLK_DEBUG_FS
> + /*
> + * When tracing whole make_request drivers (multiqueue) block devices,
> + * reuse the existing debugfs directory created by the block layer on
> + * init. For request-based block devices, all partitions block devices,
^^^^^^^^^^^^^^^^^^^^^
It seems like a word is missing from the comment? Or did you perhaps
want to refer to "all partition block devices"?
> + * and scsi-generic block devices we create a temporary new debugfs
> + * directory that will be removed once the trace ends.
> + */
> + if (queue_is_mq(q) && bdev && bdev == bdev->bd_contains)
> + dir = q->debugfs_dir;
> + else
> +#endif
> bt->dir = dir = debugfs_create_dir(buts->name, blk_debugfs_root);
Can it happen that two different threads each try to set up block
tracing and hence that debugfs_create_dir() fails because a directory
with name buts->name already exists?
> bt->dev = dev;
> @@ -565,8 +573,6 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev,
>
> ret = 0;
> err:
> - if (dir && !bt->dir)
> - dput(dir);
> if (ret)
> blk_trace_free(bt);
> return ret;
Shouldn't bt->dir be removed in this error path for make_request drivers?
Thanks,
Bart.
next prev parent reply other threads:[~2020-06-20 17:31 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 20:47 [PATCH v7 0/8] blktrace: fix debugfs use after free Luis Chamberlain
2020-06-19 20:47 ` [PATCH v7 1/8] block: add docs for gendisk / request_queue refcount helpers Luis Chamberlain
2020-06-19 20:47 ` [PATCH v7 2/8] block: clarify context for refcount increment helpers Luis Chamberlain
2020-06-19 20:47 ` [PATCH v7 3/8] block: revert back to synchronous request_queue removal Luis Chamberlain
2020-06-19 20:47 ` [PATCH v7 4/8] blktrace: annotate required lock on do_blk_trace_setup() Luis Chamberlain
2020-06-20 17:02 ` Bart Van Assche
2020-06-19 20:47 ` [PATCH v7 5/8] loop: be paranoid on exit and prevent new additions / removals Luis Chamberlain
2020-06-20 17:11 ` Bart Van Assche
2020-06-22 12:27 ` Luis Chamberlain
2020-06-23 2:16 ` Bart Van Assche
2020-06-23 16:56 ` Luis Chamberlain
2020-06-23 17:05 ` Johannes Thumshirn
2020-06-24 12:08 ` Luis Chamberlain
2020-06-19 20:47 ` [PATCH v7 6/8] blktrace: fix debugfs use after free Luis Chamberlain
2020-06-20 7:29 ` Christoph Hellwig
2020-06-20 17:31 ` Bart Van Assche [this message]
2020-06-22 12:36 ` Luis Chamberlain
2020-06-19 20:47 ` [PATCH v7 7/8] blktrace: ensure our debugfs dir exists Luis Chamberlain
2020-06-20 7:29 ` Christoph Hellwig
2020-06-20 17:33 ` Bart Van Assche
2020-06-19 20:47 ` [PATCH v7 8/8] block: create the request_queue debugfs_dir on registration Luis Chamberlain
2020-06-20 7:30 ` Christoph Hellwig
2020-06-20 18:07 ` Bart Van Assche
2020-06-22 12:42 ` Luis Chamberlain
2020-06-23 3:18 ` Bart Van Assche
2020-06-20 21:18 ` [PATCH v7 0/8] blktrace: fix debugfs use after free Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=75c3a94d-dcd1-05e4-47c6-db65f074136a@acm.org \
--to=bvanassche@acm.org \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=gregkh@linuxfoundation.org \
--cc=hare@suse.com \
--cc=jack@suse.cz \
--cc=jejb@linux.ibm.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=martin.petersen@oracle.com \
--cc=mcgrof@kernel.org \
--cc=mhocko@kernel.org \
--cc=mhocko@suse.com \
--cc=ming.lei@redhat.com \
--cc=mingo@redhat.com \
--cc=nstange@suse.de \
--cc=osandov@fb.com \
--cc=rostedt@goodmis.org \
--cc=syzbot+603294af2d01acfdd6da@syzkaller.appspotmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=yukuai3@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.