| Message ID | 20221112110754.1109979-1-liushixin2@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | blk-mq: only unregister sysfs when registration succeeded | expand |
Hi, 在 2022/11/12 19:07, Liu Shixin 写道: > kobject_del() must not be called if kobject_add() has not been called. > Hence only unregister sysfs when registration succeeded. > From what I see, the blk_queue_registered() from caller blk_unregister_queue() can already prevent that. QUEUE_FLAG_REGISTERED will only be set if blk_register_queue() succeed. Thanks, Kuai > Signed-off-by: Liu Shixin <liushixin2@huawei.com> > --- > block/blk-mq-sysfs.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c > index 93997d297d42..63f2df2500d9 100644 > --- a/block/blk-mq-sysfs.c > +++ b/block/blk-mq-sysfs.c > @@ -279,6 +279,8 @@ void blk_mq_sysfs_unregister(struct gendisk *disk) > unsigned long i; > > lockdep_assert_held(&q->sysfs_dir_lock); > + if (!q->mq_sysfs_init_done) > + return; > > queue_for_each_hw_ctx(q, hctx, i) > blk_mq_unregister_hctx(hctx); >
在 2022/11/12 18:44, Yu Kuai 写道: > Hi, > > 在 2022/11/12 19:07, Liu Shixin 写道: >> kobject_del() must not be called if kobject_add() has not been called. >> Hence only unregister sysfs when registration succeeded. >> > > From what I see, the blk_queue_registered() from caller > blk_unregister_queue() can already prevent that. QUEUE_FLAG_REGISTERED > will only be set if blk_register_queue() succeed. I see that the return value of blk_mq_sysfs_register() is not checked from blk_register_queue(), there will be memleak or uaf from error path. Hence I think better thing to do is to handle the case that blk_mq_sysfs_register() faild, and clean up if blk_mq_sysfs_register() succeed while follow up procedures failed from blk_register_queue().
diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c index 93997d297d42..63f2df2500d9 100644 --- a/block/blk-mq-sysfs.c +++ b/block/blk-mq-sysfs.c @@ -279,6 +279,8 @@ void blk_mq_sysfs_unregister(struct gendisk *disk) unsigned long i; lockdep_assert_held(&q->sysfs_dir_lock); + if (!q->mq_sysfs_init_done) + return; queue_for_each_hw_ctx(q, hctx, i) blk_mq_unregister_hctx(hctx);
kobject_del() must not be called if kobject_add() has not been called. Hence only unregister sysfs when registration succeeded. Signed-off-by: Liu Shixin <liushixin2@huawei.com> --- block/blk-mq-sysfs.c | 2 ++ 1 file changed, 2 insertions(+)