From: Jens Axboe <axboe@kernel.dk>
To: Bart Van Assche <Bart.VanAssche@sandisk.com>,
	"osandov@osandov.com" <osandov@osandov.com>
Cc: "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>
Subject: Re: [PATCH v5 05/10] blk-mq: Unregister debugfs attributes earlier
Date: Tue, 25 Apr 2017 15:29:39 -0700
Message-ID: <bffcc658-50f7-cf61-eefa-f652ea4604d6@kernel.dk>
In-Reply-To: <1493159087.2628.28.camel@sandisk.com>

On 04/25/2017 03:24 PM, Bart Van Assche wrote:
> On Tue, 2017-04-25 at 14:30 -0700, Omar Sandoval wrote:
>> On Tue, Apr 25, 2017 at 01:37:40PM -0700, Bart Van Assche wrote:
>>> One of the debugfs attributes allows to run a queue. Since running
>>> a queue after a queue has entered the "dead" state is not allowed
>>> and triggers a use-after-free, unregister the debugfs attributes
>>> before a queue reaches the "dead" state.
>>
>> Still not happy with this commit message. I'd prefer:
>>
>> We currently call blk_mq_free_queue() from blk_cleanup_queue() before we
>> unregister the debugfs attributes for that queue in blk_release_queue().
>> This leaves a window open during which accessing most of the mq debugfs
>> attributes would cause a use-after-free. Additionally, the "state"
>> attribute allows running the queue, which we should not do after the
>> queue has entered the "dead" state. Fix both of these cases by
>> unregistering the debugfs attributes before this.
> 
> Hello Omar,
> 
> That's a very verbose description. How about this?
> 
>     Unregister the debugfs attributes before freeing of request queue
>     resources starts to avoid that a use-after-free can be triggered
>     through one of the debugfs attributes.

Personally I find Omar's commit message much cleaner to read, and
more easily understandable. We really don't need to be laconic in
commit messages.

-- 
Jens Axboe
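
The teardown ordering described in the quoted commit message, as an added userspace model that is not part of this thread and is not kernel code. `struct queue`, `debugfs_access()` and `teardown()` are hypothetical stand-ins, and the model only inspects flags and a pointer value, never freed memory.

```c
/* Constructed userspace model of the ordering issue; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
struct queue {
    int *mq_ctx;          /* stands in for what blk_mq_free_queue() frees */
    bool dead;            /* queue has entered the "dead" state */
    bool debugfs_visible; /* debugfs attributes are still registered */
};

/* Outcomes are bit flags so one teardown can report every kind it saw. */
enum { ACC_OK = 0, ACC_ENOENT = 1, ACC_RUN_DEAD = 2, ACC_UAF = 4 };
/* What a debugfs access would hit at this instant. Only flags and the
 * pointer value are inspected; freed memory is never dereferenced. */
static unsigned debugfs_access(const struct queue *q, bool run_queue)
{
    if (!q->debugfs_visible)
        return ACC_ENOENT;              /* attribute already removed */
    if (q->mq_ctx == NULL)
        return ACC_UAF;                 /* kernel would touch freed memory */
    if (run_queue && q->dead)
        return ACC_RUN_DEAD;            /* "state" ran a dead queue */
    return ACC_OK;
}

/* Tear down one queue, probing after each step; returns the OR of outcomes.
 * unregister_first selects the ordering the commit message asks for. */
static unsigned teardown(bool unregister_first, bool run_queue)
{
    struct queue q = { malloc(sizeof(int)), false, true };
    unsigned seen = 0;
    if (q.mq_ctx == NULL)
        return ~0u;                     /* allocation failed, nothing to model */
    if (unregister_first)
        q.debugfs_visible = false;      /* fixed order: attributes go first */
    q.dead = true;                      /* cleanup marks the queue dead */
    seen |= debugfs_access(&q, run_queue);
    free(q.mq_ctx);                     /* cleanup frees the mq resources */
    q.mq_ctx = NULL;
    seen |= debugfs_access(&q, run_queue);
    q.debugfs_visible = false;          /* release: the old unregister point */
    return seen | debugfs_access(&q, run_queue);
}

int main(void)
{
    printf("old: %u fixed: %u\n", teardown(false, true), teardown(true, true));
    return 0;
}
```

With the old ordering the probes report both the dead-queue run and the freed-resource access; with the attributes unregistered first, every probe finds the attribute already gone.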
