Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751488AbcCFMZi (ORCPT ); Sun, 6 Mar 2016 07:25:38 -0500 Received: from mail-wm0-f66.google.com ([74.125.82.66]:36346 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751394AbcCFMZe (ORCPT ); Sun, 6 Mar 2016 07:25:34 -0500 From: Nicolai Stange To: Greg Kroah-Hartman Cc: "Paul E. McKenney" , Alexander Viro , Jonathan Corbet , Jan Kara , Andrew Morton , Julia Lawall , Gilles Muller , Nicolas Palix , Michal Marek , linux-kernel@vger.kernel.org, cocci@systeme.lip6.fr, Nicolai Stange Subject: [PATCH v5 0/8] fix debugfs file removal races Date: Sun, 6 Mar 2016 13:24:55 +0100 Message-Id: <1457267103-28910-1-git-send-email-nicstange@gmail.com> X-Mailer: git-send-email 2.7.2 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 5524 Lines: 120 Unfortunately, after application of the v4 series to the driver-core tree's driver-core-testing branch, the kbuild test robot discovered two issues: https://lists.01.org/pipermail/kbuild-all/2016-March/018146.html https://lists.01.org/pipermail/kbuild-all/2016-March/018145.html This v5 version of the series fixes them. I hope that a replacement of v4 by v5 is still possible at this stage and apologize for any inconveniences. Original v4 thread is here: http://lkml.kernel.org/g/8737sjo7qa.fsf@gmail.com Changes v4 -> v5: [1/8] ("debugfs: prevent access to possibly dead file_operations at file open") - In the DocBook comment for debugfs_use_file_start(), rename the "@file" parameter into the now correct "@dentry". [2/8] ("debugfs: prevent access to removed files' private data)" - In include/linux/debugfs.h, add the inline keyword to the CONFIG_DEBUG_FS=n dummy implementations of debugfs_use_file_start()/_finish() [3-8/8] unchanged Changes v3 -> v4: [4/8] ("debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage") - This one is new, the Coccinelle related changes have been split off from former [3/7] ("debugfs: add support for self-protecting attribute file fops") into this patch. - Style fixes as suggested by Julia Lawall have been applied to the contained cocci script's comment header. [5/8] ("debugfs: unproxify integer attribute files") - The commit messages has been reworded in order to get rid of the unfortunate triple-X in former [4/7]. [6-8/8] - Former [5-7/8], only the numbering has changed. Changes v2 -> v3: [1/7] ("debugfs: prevent access to possibly dead file_operations at file open") - move the definition of the debugfs_use_file_start() and _end() from former [2/2] to [1/7]. Also, they've been renamed from debugfs_file_use_data*(). - Make the ->open() proxy use the debugfs_use_file_*() helpers. - In debugfs_use_file_start(), use d_unlinked() rather than (->d_fsdata == NULL) as a flag whether the dentry is dead. - Make the ->open() proxy include the forwarded call to the original fops' ->open within the SRCU read side critical section. - debugfs_proxy_file_operations has been renamed to "debugfs_open_proxy_file_operations" to distinguish it from the full proxy introduced in [2/7]. [2/7] ("debugfs: prevent access to removed files' private data") - This one has changed completely: instead of providing file removal-safe fops helpers to opt-into at the debugfs users, the original struct file_operations get completely and unconditionally proxied now. [3-7/7] New. Opt-out from the full proxying introduced in [2/7] for some special case struct file_operations provided by debugfs itself. Changes v1 -> v2: [1/2] ("debugfs: prevent access to possibly dead file_operations at file open") - Resolve trivial diff conflict in debugfs_remove_recursive(): in the meanwhile, an unrelated 'mutex_unlock(...)' had been rewritten to 'inode_unlock(...)' which broke the diff's context. - Introduce the fs/debugfs/internal.h header and move the declarations of debugfs_noop_file_operations, debugfs_proxy_file_operations and debugfs_rcu from include/linux/debugfs.h thereinto. Include this header from file.c and inode.c. - Add a word about the new internal header to the commit message. - Move the inclusion of linux/srcu.h from include/linux/debugfs.h into file.c and inode.c respectively. [2/2] ("debugfs: prevent access to removed files' private data") - Move the definitions of debugfs_file_use_data_start() and debugfs_file_use_data_finish() from include/linux/debugfs.h to file.c. Export them and keep their declarations in debugfs.h, - In order to be able to attach proper __acquires() and __releases() tags to the decalarations of debugfs_file_use_data_*() in debugfs.h, move the debugfs_srcu declaration from internal.h into debugfs.h. - Since the definitions as well as the docstrings of debugfs_file_use_data_*() have been moved into file.c, there is no need to run DocBook on debugfs.h: do not modify Documentation/DocBook/filesystems.tmpl anymore. - In the commit message, encourage new users of debugfs to prefer DEFINE_DEBUGFS_ATTRIBUTE() and friends over DEFINE_SIMPLE_ATTRIBUTE(). Nicolai Stange (8): debugfs: prevent access to possibly dead file_operations at file open debugfs: prevent access to removed files' private data debugfs: add support for self-protecting attribute file fops debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage debugfs: unproxify integer attribute files debugfs: unproxify files created through debugfs_create_bool() debugfs: unproxify files created through debugfs_create_blob() debugfs: unproxify files created through debugfs_create_u32_array() fs/debugfs/file.c | 437 +++++++++++++++++---- fs/debugfs/inode.c | 101 ++++- fs/debugfs/internal.h | 26 ++ include/linux/debugfs.h | 49 ++- lib/Kconfig.debug | 1 + .../api/debugfs/debugfs_simple_attr.cocci | 67 ++++ 6 files changed, 593 insertions(+), 88 deletions(-) create mode 100644 fs/debugfs/internal.h create mode 100644 scripts/coccinelle/api/debugfs/debugfs_simple_attr.cocci -- 2.7.2