Message-ID: <20200429114542.GJ11244@42.do-not-panic.com>
Date:   Wed, 29 Apr 2020 11:45:42 +0000
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     axboe@...nel.dk, viro@...iv.linux.org.uk, bvanassche@....org,
        gregkh@...uxfoundation.org, rostedt@...dmis.org, mingo@...hat.com,
        jack@...e.cz, ming.lei@...hat.com, nstange@...e.de,
        akpm@...ux-foundation.org, mhocko@...e.com, yukuai3@...wei.com,
        linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        Omar Sandoval <osandov@...com>,
        Hannes Reinecke <hare@...e.com>,
        Michal Hocko <mhocko@...nel.org>,
        syzbot+603294af2d01acfdd6da@...kaller.appspotmail.com
Subject: Re: [PATCH v3 4/6] blktrace: fix debugfs use after free

On Wed, Apr 29, 2020 at 04:26:37AM -0700, Christoph Hellwig wrote:
> I can't say I'm a fan of all these long backtraces in commit logs..
> 
> > +static struct dentry *blk_debugfs_dir_register(const char *name)
> > +{
> > +	return debugfs_create_dir(name, blk_debugfs_root);
> > +}
> 
> I don't think we really need this helper.

We don't export blk_debugfs_root, didn't think we'd want to, and
since only a few scew funky drivers would use the struct gendisk
and also support BLKTRACE, I didn't think we'd want to export it
now.

A new block private symbol namespace alright?

> > +void blk_part_debugfs_unregister(struct hd_struct *p)
> > +{
> > +	debugfs_remove_recursive(p->debugfs_dir);
> > +	p->debugfs_dir = NULL;
> > +}
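
Review bot: the store `p->debugfs_dir = NULL;` in blk_part_debugfs_unregister() only matters if something can still read the member after debugfs_remove_recursive() returns, and nothing in this function serializes it against such a reader. Either drop the assignment or add a comment naming the lock or ordering that makes a later reader (for example the `return p->debugfs_dir;` in blk_trace_debugfs_dir()) see NULL safely and cope with it.
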
> 
> Why do we need to clear the pointer here?

True, not needed for partition.

> > +#ifdef CONFIG_DEBUG_FS
> > +	/* Currently only used by kernel/trace/blktrace.c */
> > +	struct dentry *debugfs_dir;
> > +#endif
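
Review bot: `debugfs_dir` exists only when CONFIG_DEBUG_FS is set, so every dereference of the member has to sit under the same #ifdef or behind a stub, otherwise the build breaks with debugfs disabled; please confirm each accessor is covered. The comment above the field names a single user and will be stale as soon as a second one appears.
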
> 
> Does that comment really add value?

I'll nuke it.

> > +static struct dentry *blk_trace_debugfs_dir(struct block_device *bdev,
> > +					    struct request_queue *q)
> >  {
> > +	struct hd_struct *p = NULL;
> >  
> > +	 * Some drivers like scsi-generic use a NULL block device. For
> > +	 * other drivers when bdev != bdev->bd_contain we are doing a blktrace
> > +	 * on a parition, otherwise we know we are working on the whole
> > +	 * disk, and for that the request_queue already has its own debugfs_dir.
> > +	 * which we have been using for other things other than blktrace.
> > +	 */
> > +	if (bdev && bdev != bdev->bd_contains)
> > +		p = bdev->bd_part;
> >  
> > +	if (p)
> > +		return p->debugfs_dir;
> > +
> > +	return q->debugfs_dir;
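
Review bot: the comment in blk_trace_debugfs_dir() refers to `bdev->bd_contain` while the condition tests `bdev->bd_contains`, spells "partition" as "parition", and has a stray full stop before "which we have been using"; fix these so the comment matches the check it documents. Since the function hands back `p->debugfs_dir` or `q->debugfs_dir` to the caller and the patch is about a use after free, the comment should also say what keeps the returned dentry valid while the caller uses it.
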
> 
> This could be simplified down to:
> 
> 	if (bdev && bdev != bdev->bd_contains)
> 		return bdev->bd_part->debugfs_dir;
> 	return q->debugfs_dir;
>
> Given that bd_part is in __blkdev_get very near bd_contains.

Ah neat.

> Also given that this patch completely rewrites blk_trace_debugfs_dir is
> there any point in the previous patch?

Still think it helps with making this patch easier to read, but I don't
care, lemme know if I should just fold it.

> > @@ -491,6 +500,7 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev,
> >  	struct dentry *dir = NULL;
> >  	int ret;
> >  
> > +
> >  	if (!buts->buf_size || !buts->buf_nr)
> >  		return -EINVAL;
> >  
> 
> Spurious whitespace change.

Will nuke.

  Luis
