Re: [PATCH v6 6/6] blktrace: fix debugfs use after free

From: Bart Van Assche
Date: Fri Jun 12 2020 - 22:42:18 EST


On 2020-06-08 10:01, Luis Chamberlain wrote:
> + /*
> + * Blktrace needs a debugfs name even for queues that don't register
> + * a gendisk, so it lazily registers the debugfs directory. But that
> + * can get us into a situation where a SCSI device is found, with no
> + * driver for it (yet). Then blktrace is used on the device, creating
> + * the debugfs directory, and only after that a driver is loaded. In
> + * that case we might already have a debugfs directory registered here.
> + * Even worse we could be racing with blktrace to register it.
> + */
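
Review bot: The last sentence of this comment says the code may be racing with blktrace to register the directory, but the comment never says what serializes the two registration paths. Name the lock or the existence check that makes the second registration safe, so the reader does not have to infer it from the code that follows.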

There are LLD and ULD drivers in the SCSI subsystem. Please mention the
driver type explicitly. I assume that you are referring to SCSI ULDs
since only SCSI ULD drivers call device_add_disk()?

Could the above comment be made shorter by only mentioning that blktrace
may have been set up before or concurrently with device_add_disk() and
that device_add_disk() calls blk_register_queue()?

> case BLKTRACESETUP:
> + if (!sdp->device->request_queue->sg_debugfs_dir)
> + blk_sg_debugfs_init(sdp->device->request_queue,
> + sdp->disk->disk_name);
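
Review bot: The test of sg_debugfs_dir and the call to blk_sg_debugfs_init() at the top of the BLKTRACESETUP case form a check-then-act sequence with no lock visible in these lines, so two concurrent BLKTRACESETUP ioctls could both see the field unset and both call the init function. Do the test inside blk_sg_debugfs_init() under whatever lock protects the field. If the init function can fail, also check its result here before continuing with the setup.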

How about moving the sg_debugfs_dir check into blk_sg_debugfs_init()?

Thanks,

Bart.