Message ID | 20200419194529.4872-6-mcgrof@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | block: fix blktrace debugfs use after free |

On 4/19/20 12:45 PM, Luis Chamberlain wrote:
> @@ -498,10 +498,7 @@ static struct dentry *blk_trace_debugfs_dir(struct blk_user_trace_setup *buts, > struct dentry *dir = NULL; > > /* This can only happen if we have a bug on our lower layers */ > - if (!q->kobj.parent) { > - pr_warn("%s: request_queue parent is gone\n", buts->name); > - return NULL; > - } > + BUG_ON(!q->kobj.parent);

Does the following quote from Linus also apply to this patch: "there is NO F*CKING EXCUSE to knowingly kill the kernel." See also https://lkml.org/lkml/2016/10/4/1.

Thanks,

Bart.

On Sun, Apr 19, 2020 at 03:50:13PM -0700, Bart Van Assche wrote:
> On 4/19/20 12:45 PM, Luis Chamberlain wrote:
> > @@ -498,10 +498,7 @@ static struct dentry *blk_trace_debugfs_dir(struct blk_user_trace_setup *buts, > > struct dentry *dir = NULL; > > /* This can only happen if we have a bug on our lower layers */ > > - if (!q->kobj.parent) { > > - pr_warn("%s: request_queue parent is gone\n", buts->name); > > - return NULL; > > - } > > + BUG_ON(!q->kobj.parent);
>
> Does the following quote from Linus also apply to this patch: "there is NO F*CKING EXCUSE to knowingly kill the kernel." See also https://lkml.org/lkml/2016/10/4/1.

We can use WARN_ON() and keep the return NULL, sure.

Luis

On Sun, 19 Apr 2020 23:07:30 +0000 Luis Chamberlain <mcgrof@kernel.org> wrote:
> On Sun, Apr 19, 2020 at 03:50:13PM -0700, Bart Van Assche wrote:
> > On 4/19/20 12:45 PM, Luis Chamberlain wrote:
> > > @@ -498,10 +498,7 @@ static struct dentry *blk_trace_debugfs_dir(struct blk_user_trace_setup *buts, > > > struct dentry *dir = NULL; > > > /* This can only happen if we have a bug on our lower layers */ > > > - if (!q->kobj.parent) { > > > - pr_warn("%s: request_queue parent is gone\n", buts->name); > > > - return NULL; > > > - } > > > + BUG_ON(!q->kobj.parent);
> >
> > Does the following quote from Linus also apply to this patch: "there is NO F*CKING EXCUSE to knowingly kill the kernel." See also https://lkml.org/lkml/2016/10/4/1.
>
> We can use WARN_ON() and keep the return NULL, sure.
>

Yes please. This is definitely not something that should kill the system.

-- Steve

diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index 8f87979d0971..909db597b551 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -498,10 +498,7 @@ static struct dentry *blk_trace_debugfs_dir(struct blk_user_trace_setup *buts, struct dentry *dir = NULL; /* This can only happen if we have a bug on our lower layers */ - if (!q->kobj.parent) { - pr_warn("%s: request_queue parent is gone\n", buts->name); - return NULL; - } + BUG_ON(!q->kobj.parent); /* * From a sysfs kobject perspective, the request_queue sits on top of @@ -510,32 +507,19 @@ static struct dentry *blk_trace_debugfs_dir(struct blk_user_trace_setup *buts, * that if blktrace is going to be done for it. */ if (blk_trace_target_disk(buts->name, kobject_name(q->kobj.parent))) { - if (!q->debugfs_dir) { - pr_warn("%s: expected request_queue debugfs_dir is not set\n", - buts->name); - return NULL; - } + BUG_ON(!q->debugfs_dir); + /* * debugfs_lookup() is used to ensure the directory is not * taken from underneath us. We must dput() it later once * done with it within blktrace. + * + * This is also a reaffirmation that debugfs_lookup() shall + * always return the same dentry if it was already set. */ dir = debugfs_lookup(buts->name, blk_debugfs_root); - if (!dir) { - pr_warn("%s: expected request_queue debugfs_dir dentry is gone\n", - buts->name); - return NULL; - } - /* - * This is a reaffirmation that debugfs_lookup() shall always - * return the same dentry if it was already set. - */ - if (dir != q->debugfs_dir) { - dput(dir); - pr_warn("%s: expected dentry dir != q->debugfs_dir\n", - buts->name); - return NULL; - } + BUG_ON(!dir || dir != q->debugfs_dir); + bt->backing_dir = q->debugfs_dir; return bt->backing_dir; }
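
Review bot: In the first hunk (@@ -498,10 +498,7 @@), BUG_ON(!q->kobj.parent) halts the kernel for a condition that the removed lines handled by logging and returning NULL, so a bug hit while setting up tracing takes the whole system down. The comment above it says this can only happen because of a lower-layer bug, which argues for reporting it loudly rather than stopping the machine. Suggest `if (WARN_ON(!q->kobj.parent)) return NULL;`, which still produces a backtrace and keeps the existing failure return.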
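
Review bot: In the second hunk (@@ -510,32 +507,19 @@), BUG_ON(!dir || dir != q->debugfs_dir) folds two separately reported failures into one fatal check and drops the dput(dir) that the removed mismatch branch performed before returning NULL. If these checks become WARN_ON() with the NULL return kept, the dir != q->debugfs_dir case still needs dput(dir), since the comment above debugfs_lookup() states the dentry must be dput() once blktrace is done with it. The same concern applies to BUG_ON(!q->debugfs_dir) at the top of the block; keeping the three checks separate would also let the warning identify which expectation failed.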
Now that the request_queue removal is scheduled synchronously again, we have certain expectations on when debugfs directories used for blktrace are used. Any violation of these expectations should reflect core bugs we want to hear about.

Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
kernel/trace/blktrace.c | 32 ++++++++------------------------
1 file changed, 8 insertions(+), 24 deletions(-)