From patchwork Fri Jun 19 20:47:22 2020
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 11615043
From: Luis Chamberlain
To: axboe@kernel.dk, viro@zeniv.linux.org.uk, bvanassche@acm.org, gregkh@linuxfoundation.org, rostedt@goodmis.org, mingo@redhat.com, jack@suse.cz, ming.lei@redhat.com, nstange@suse.de, akpm@linux-foundation.org
Cc: mhocko@suse.com, yukuai3@huawei.com, martin.petersen@oracle.com, jejb@linux.ibm.com, linux-block@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Luis Chamberlain
Subject: [PATCH v7 0/8] blktrace: fix debugfs use after free
Date: Fri, 19 Jun 2020 20:47:22 +0000
Message-Id: <20200619204730.26124-1-mcgrof@kernel.org>

It's been a fun ride, but all patch series come to an end. My hope is that this is it. The simplification of the fix is considerable now, with only a few lines of code and with no data structure changes.

We were only creating the debugfs_dir upon initialization if you had CONFIG_BLK_DEBUG_FS for make_request block drivers (multiqueue). That's where the UAF bug could happen. Folks liked the idea of open coding the debugfs initialization even if CONFIG_BLK_DEBUG_FS was disabled, given that debugfs code will simply ignore that code if debugfs is disabled, but to make the fix easier to backport, that shift is done now in another patch.

Likewise, although we were only creating the debugfs_dir for make_request block drivers (multiqueue), the same new additional patch also creates the debugfs_dir for request-based block drivers. That *begged* us to just rename the mutex to clarify it's for the debugfs_dir; blktrace then just becomes its biggest user.

The only patch changed here is the last one from the last series, which actually fixed the UAF oops, and that one is now split in 3 patches, which makes a secondary fix much clearer.

I've waited a while to post these, to let 0-day give me its blessings, both for Linus' tree and linux-next. No issues have been found. I've also taken time to run blktests prior to and after this series and I have found no regressions. In fact, I think I should just extend blktests with the break-blktrace tests; I'll do that later.

Luis Chamberlain (8):
  block: add docs for gendisk / request_queue refcount helpers
  block: clarify context for refcount increment helpers
  block: revert back to synchronous request_queue removal
  blktrace: annotate required lock on do_blk_trace_setup()
  loop: be paranoid on exit and prevent new additions / removals
  blktrace: fix debugfs use after free
  blktrace: ensure our debugfs dir exists
  block: create the request_queue debugfs_dir on registration

 block/blk-core.c        | 31 +++++++++++++----
 block/blk-mq-debugfs.c  |  5 ---
 block/blk-sysfs.c       | 52 ++++++++++++++++------------
 block/blk.h             |  2 --
 block/genhd.c           | 73 ++++++++++++++++++++++++++++++++++++++-
 drivers/block/loop.c    |  4 +++
 include/linux/blkdev.h  |  7 ++--
 kernel/trace/blktrace.c | 76 ++++++++++++++++++++++++-----------------
 8 files changed, 179 insertions(+), 71 deletions(-)