Re: [RFC 2/3] blktrace: fix debugfs use after free

From: Luis Chamberlain
Date: Mon Apr 06 2020 - 11:19:13 EST

Next message: Kirill A. Shutemov: "Re: [PATCHv2 1/8] khugepaged: Add self test"
Previous message: Joel Fernandes: "Re: [PATCH 1/1] rcu/tree: add emergency pool for headless case"
In reply to: Nicolai Stange: "Re: [RFC 2/3] blktrace: fix debugfs use after free"
Next in thread: Luis Chamberlain: "Re: [RFC 2/3] blktrace: fix debugfs use after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 06, 2020 at 11:18:13AM +0200, Nicolai Stange wrote:
> Bart Van Assche <bvanassche@xxxxxxx> writes:

> So I'd suggest to drop patch [3/3] from this series and modify this
> patch [2/3] here to move the blk_q_debugfs_unregister(q) invocation from
> __blk_release_queue() to blk_unregister_queue() instead.

I'll take a stab.

> > Additionally, I think the following changes fix that problem by using
> > q->debugfs_dir in the blktrace code instead of debugfs_lookup():
>
> That would fix the UAF, but !queue_is_mq() queues wouldn't get a debugfs
> directory created for them by blktrace anymore?

It would, it would just be done early on init as well, and it would now be
shared with the queue_is_mq() case.

Luis

Next message: Kirill A. Shutemov: "Re: [PATCHv2 1/8] khugepaged: Add self test"
Previous message: Joel Fernandes: "Re: [PATCH 1/1] rcu/tree: add emergency pool for headless case"
In reply to: Nicolai Stange: "Re: [RFC 2/3] blktrace: fix debugfs use after free"
Next in thread: Luis Chamberlain: "Re: [RFC 2/3] blktrace: fix debugfs use after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]