From: Omar Sandoval <osandov@osandov.com>
To: Jens Axboe <axboe@fb.com>, linux-block@vger.kernel.org
Cc: Bart Van Assche <bart.vanassche@sandisk.com>, kernel-team@fb.com
Subject: [PATCH 4/9] blk-mq: Do not invoke queue operations on a dead queue
Date: Wed,  3 May 2017 12:18:57 -0700
Message-ID: <e3f2929bbfacac5ad5b02cf3de39ecd5e6287e40.1493839103.git.osandov@fb.com>
In-Reply-To: <cover.1493839103.git.osandov@fb.com>

From: Bart Van Assche <bart.vanassche@sandisk.com>

In commit e869b5462f83 ("blk-mq: Unregister debugfs attributes
earlier"), we shuffled the debugfs cleanup around so that the "state"
attribute was removed before we freed the blk-mq data structures.
However, later changes are going to undo that, so we need to explicitly
disallow running a dead queue.

[Omar: rebased and updated commit message]
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
---
 block/blk-mq-debugfs.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c
index 00cc89c34590..48b9f59acd91 100644
--- a/block/blk-mq-debugfs.c
+++ b/block/blk-mq-debugfs.c
@@ -102,6 +102,14 @@ static ssize_t queue_state_write(void *data, const char __user *buf,
 	struct request_queue *q = data;
 	char op[16] = { }, *s;
 
+	/*
+	 * The "state" attribute is removed after blk_cleanup_queue() has called
+	 * blk_mq_free_queue(). Return if QUEUE_FLAG_DEAD has been set to avoid
+	 * triggering a use-after-free.
+	 */
+	if (blk_queue_dead(q))
+		return -ENOENT;
+
 	if (copy_from_user(op, buf, min(count, sizeof(op) - 1)))
 		return -EFAULT;
 	s = op;
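Review bot: The blk_queue_dead(q) test at the top of queue_state_write() is a bare flag check, and nothing visible in this hunk holds a lock or a reference across it, so QUEUE_FLAG_DEAD can be set right after the test passes and the operations that follow copy_from_user() would still run on a queue that is being torn down. That narrows the use-after-free window named in the comment but does not close it. Please either state in the comment what serializes this handler against blk_cleanup_queue(), or perform the check under whatever protection keeps the blk-mq structures alive for the rest of the function. A smaller documentation point: the comment says the "state" attribute is removed after blk_mq_free_queue(), while the commit message says that ordering only arrives with later changes, so the comment should be worded so that it is accurate at this commit too.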
-- 
2.12.2

Thread overview: 13+ messages
2017-05-03 19:18 [PATCH 0/9] blk-mq-debugfs: scheduler support and cleanups Omar Sandoval
2017-05-03 19:18 ` [PATCH 1/9] blk-mq-debugfs: separate flags with | Omar Sandoval
2017-05-03 19:18 ` [PATCH 2/9] blk-mq-debugfs: clean up flag definitions Omar Sandoval
2017-05-03 19:18 ` [PATCH 3/9] blk-mq-debugfs: get rid of a bunch of boilerplate Omar Sandoval
2017-05-03 20:51   ` Bart Van Assche
2017-05-03 23:22     ` Omar Sandoval
2017-05-03 19:18 ` Omar Sandoval [this message]
2017-05-03 19:18 ` [PATCH 5/9] blk-mq: move debugfs declarations to a separate header file Omar Sandoval
2017-05-03 19:18 ` [PATCH 6/9] blk-mq: untangle debugfs and sysfs Omar Sandoval
2017-05-03 19:19 ` [PATCH 7/9] blk-mq-debugfs: allow schedulers to register debugfs attributes Omar Sandoval
2017-05-03 19:19 ` [PATCH 8/9] kyber: add " Omar Sandoval
2017-05-03 19:19 ` [PATCH 9/9] mq-deadline: " Omar Sandoval
2017-05-03 19:57 ` [PATCH 10/9] blk-mq-debugfs: rename hw queue directories from <n> to hctx<n> Omar Sandoval
