Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932695AbcCJV7I (ORCPT <rfc822;w@1wt.eu>);
	Thu, 10 Mar 2016 16:59:08 -0500
Received: from mail-wm0-f41.google.com ([74.125.82.41]:37997 "EHLO
	mail-wm0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932235AbcCJV7F (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 10 Mar 2016 16:59:05 -0500
From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
To: Nicolai Stange <nicstange@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 1/8] debugfs: prevent access to possibly dead file_operations at file open
Organization: D03
References: <1457267103-28910-1-git-send-email-nicstange@gmail.com>
	<1457267103-28910-2-git-send-email-nicstange@gmail.com>
X-Hashcash: 1:20:160310:akpm@linux-foundation.org::ZCUgb420/Kgt2oNa:0000000000000000000000000000000000000e54
X-Hashcash: 1:20:160310:paulmck@linux.vnet.ibm.com::TjqV8U63qr9jwGWa:000000000000000000000000000000000000MEG
X-Hashcash: 1:20:160310:nicstange@gmail.com::bQJj6eanP/Ndrbfs:0000000000000000000000000000000000000000000z5S
X-Hashcash: 1:20:160310:gregkh@linuxfoundation.org::FWJWHPO6OpU9aBNx:000000000000000000000000000000000001PGU
X-Hashcash: 1:20:160310:gilles.muller@lip6.fr::eQvZ+s7AvVSonGN6:00000000000000000000000000000000000000001VkF
X-Hashcash: 1:20:160310:jack@suse.com::1G4tKJDeXOUmpeFa:000026Wp
X-Hashcash: 1:20:160310:corbet@lwn.net::6HjaJUo4O+jcI0sm:0003E3p
X-Hashcash: 1:20:160310:linux-kernel@vger.kernel.org::kiIHfU0jiScj3Grj:000000000000000000000000000000000304L
X-Hashcash: 1:20:160310:julia.lawall@lip6.fr::z8StmniBjrfZCibK:0000000000000000000000000000000000000000038Tq
X-Hashcash: 1:20:160310:cocci@systeme.lip6.fr::E+H6RJP9X+VFD0Y6:000000000000000000000000000000000000000043K9
X-Hashcash: 1:20:160310:viro@zeniv.linux.org.uk::o87Fhq6kQn1Ui9pd:000000000000000000000000000000000000004q4V
X-Hashcash: 1:20:160310:mmarek@suse.com::vnRH68DXF6wuYC+R:00Lcpo
X-Hashcash: 1:20:160310:nicolas.palix@imag.fr::ZSzAmi8EIruyUCCR:0000000000000000000000000000000000000000T5xQ
Date: Thu, 10 Mar 2016 22:59:02 +0100
In-Reply-To: <1457267103-28910-2-git-send-email-nicstange@gmail.com> (Nicolai
	Stange's message of "Sun, 6 Mar 2016 13:24:56 +0100")
Message-ID: <87d1r2uh95.fsf@rasmusvillemoes.dk>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1049
Lines: 38

On Sun, Mar 06 2016, Nicolai Stange <nicstange@gmail.com> wrote:

> + *
> + * Allow any ongoing concurrent call into debugfs_remove() or
> + * debugfs_remove_recursive() blocked by a former call to
> + * debugfs_use_file_start() to proceed and return to its caller.
> + */
> +static void debugfs_use_file_finish(int srcu_idx) __releases(&debugfs_srcu)
> +{
> +	srcu_read_unlock(&debugfs_srcu, srcu_idx);
> +}
> +
> +#define F_DENTRY(filp) ((filp)->f_path.dentry)
> +
> +#define REAL_FOPS_DEREF(dentry)					\
> +	((const struct file_operations *)(dentry)->d_fsdata)
> +
> +static int open_proxy_open(struct inode *inode, struct file *filp)
> +{
> +	const struct dentry *dentry = F_DENTRY(filp);
> +	const struct file_operations *real_fops = NULL;
> +	int srcu_idx, r;
> +
> +	r = debugfs_use_file_start(dentry, &srcu_idx);
> +	if (r) {
> +		debugfs_use_file_finish(srcu_idx);
> +		r = -ENOENT;
> +		goto out;

this...

> +out:
> +	fops_put(real_fops);
> +	debugfs_use_file_finish(srcu_idx);

... and that seems like an obvious double unlock?

Rasmus