Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp132040ybz;
        Thu, 16 Apr 2020 21:11:03 -0700 (PDT)
X-Google-Smtp-Source: APiQypIFqQrOMulUaI1FecqKciS9mgUKZeGn+sxrD3giw8gzXFeNK+NBhugRv+w8HaFXGuRj6rX5
X-Received: by 2002:a05:6402:206c:: with SMTP id bd12mr1205833edb.287.1587096663633;
        Thu, 16 Apr 2020 21:11:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587096663; cv=none;
        d=google.com; s=arc-20160816;
        b=i70vym3Dis/j1FBrQ2JgEPYHvV82vQmfD62iGdzIFg7FfHUOChuW98kMFQBigOthw0
         Jop0rDF1bG40LMS4Eznh3jAkm0VekuRw5dAAD4SxuVbVlk8LypsgDITM7QoV1y5wnDvH
         EEocUdgNnUiYhn3+hJOW/FqW+C0aexoGrC58uVuil8WNunQVEV/ILdsbOTIvj3mz5NzX
         6Vd+K4cQ9G/XuZ9Q1FNNdfFMKxW0ZvopwJVnFBIUb6ievIeeHAL60Cv3au9x4MJoH6q4
         YHYjlDmfr4Hj5MwHWkP6q3h5y82CAGWbNKJphPBkOCn55paie+CieSOEmulPLXhuw7Rs
         /O2w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=bamav7q7hXf5GztJWAD0VyN38CdQ+NEBztL/xgzEe0E=;
        b=zWkr8eAnZ/Atn0LnpNG5COurb5qNhax+wJGb6EZsVvrM7GBVAO/gm7ntBRUr6jCcAc
         P2atCkwGZtJ5dMSd5eXBRwZDY0fsYKjtkXGh7QSiqbOziE7R28vY7PTOkZ9+dHEwgnFX
         T0s4jZxzHvA5ExbZIB3PK5MczVwv755ISldGgtniWa62QXxMGIaUi1aqJiR+tQPpaetC
         qCnendm0JBXw1DZIxbyb5KbsOB8dnxjVftOhwhBCSu2MUwf7b6Qj8fQAlpqHsr34V33t
         zL0yPRaSdwjXVO5TR6cjh3XR5Oid/pec3E3EOtg/zIEM+OTi3mytkndnhvMGBChFdL7P
         9X+w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Gyt0aCIA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id 13si14600245edw.369.2020.04.16.21.10.39;
        Thu, 16 Apr 2020 21:11:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Gyt0aCIA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726405AbgDQEJg (ORCPT <rfc822;peterpeng024@gmail.com>
        + 99 others); Fri, 17 Apr 2020 00:09:36 -0400
Received: from mail.kernel.org ([198.145.29.99]:55120 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725900AbgDQEJf (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 17 Apr 2020 00:09:35 -0400
Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com [209.85.218.45])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id CF70922250;
        Fri, 17 Apr 2020 04:09:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1587096575;
        bh=/aAOMVOP3MZQGTBFo0xdiu+n9iKYVv70X4AkPfYDRUY=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=Gyt0aCIAKdLM3LASetND1QH5Wfx32kCgTTnBxG2zuGNZrZ5A+Uuyt+EWvqojWwS5D
         zo4tgkaCD0hTcasyZJ7j/nTI6TtMjrTbvxEv3IIfeepWgrn5l7XiWcWDXVNXOJm1L+
         +zIEAsvTYvKFPhvJ4etnosn3KdqzsUfe3B4cENx8=
Received: by mail-ej1-f45.google.com with SMTP id s9so562727eju.1;
        Thu, 16 Apr 2020 21:09:34 -0700 (PDT)
X-Gm-Message-State: AGi0PuZNPhNoQAkTKyBDr33jnGgVBB9DN5jxGH+ZDHjahcuPmUK5fbz/
        JuKsLUQp6g23YwDG/75hsDcrkp5qhVRaUNb6Zp4=
X-Received: by 2002:a17:906:7c2:: with SMTP id m2mr1049847ejc.339.1587096573102;
 Thu, 16 Apr 2020 21:09:33 -0700 (PDT)
MIME-Version: 1.0
References: <20200414041902.16769-1-mcgrof@kernel.org> <20200414041902.16769-3-mcgrof@kernel.org>
 <20200416021036.GA2717677@T590> <20200416052524.GH11244@42.do-not-panic.com>
 <20200416054750.GA2723777@T590> <20200416062054.GL11244@42.do-not-panic.com> <20200416062856.GD2723777@T590>
In-Reply-To: <20200416062856.GD2723777@T590>
From:   Luis Chamberlain <mcgrof@kernel.org>
Date:   Thu, 16 Apr 2020 22:09:24 -0600
X-Gmail-Original-Message-ID: <CAB=NE6VFj4w_o+NA57iBzGaXCGF0afeHy1N_2C9awGcFz5pnQw@mail.gmail.com>
Message-ID: <CAB=NE6VFj4w_o+NA57iBzGaXCGF0afeHy1N_2C9awGcFz5pnQw@mail.gmail.com>
Subject: Re: [PATCH 2/5] blktrace: fix debugfs use after free
To:     Ming Lei <ming.lei@redhat.com>
Cc:     Jens Axboe <axboe@kernel.dk>, Al Viro <viro@zeniv.linux.org.uk>,
        Bart Van Assche <bvanassche@acm.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Ingo Molnar <mingo@redhat.com>, Jan Kara <jack@suse.cz>,
        Nicolai Stange <nstange@suse.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Michal Hocko <mhocko@suse.com>, yu kuai <yukuai3@huawei.com>,
        linux-block@vger.kernel.org,
        Linux FS Devel <linux-fsdevel@vger.kernel.org>,
        linux-mm <linux-mm@kvack.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Omar Sandoval <osandov@fb.com>,
        Hannes Reinecke <hare@suse.com>,
        Michal Hocko <mhocko@kernel.org>,
        syzbot+603294af2d01acfdd6da@syzkaller.appspotmail.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 16, 2020 at 12:29 AM Ming Lei <ming.lei@redhat.com> wrote:
>
> On Thu, Apr 16, 2020 at 06:20:54AM +0000, Luis Chamberlain wrote:
> > On Thu, Apr 16, 2020 at 01:47:50PM +0800, Ming Lei wrote:
> > > On Thu, Apr 16, 2020 at 05:25:24AM +0000, Luis Chamberlain wrote:
> > > > On Thu, Apr 16, 2020 at 10:10:36AM +0800, Ming Lei wrote:
> > > > > In theory, multiple partitions can be traced concurrently, but looks
> > > > > it never works, so it won't cause trouble for multiple partition trace.
> > > > >
> > > > > One userspace visible change is that blktrace debugfs dir name is switched
> > > > > to disk name from partition name in case of partition trace, will it
> > > > > break some utilities?
> > > >
> > > > How is this possible, its not clear to me, we go from:
> > > >
> > > > - q->debugfs_dir = debugfs_create_dir(kobject_name(q->kobj.parent),
> > > > -                                     blk_debugfs_root);
> > > >
> > > > To this:
> > > >
> > > > + q->debugfs_dir = debugfs_create_dir(kobject_name(q->kobj.parent),
> > > > +                                     blk_debugfs_root);
> > > >
> > > >
> > > > Maybe I am overlooking something.
> > >
> > > Your patch removes the blktrace debugfs dir:
> > >
> > > do_blk_trace_setup()
> > >
> > > -       dir = debugfs_lookup(buts->name, blk_debugfs_root);
> > > -       if (!dir)
> > > -               bt->dir = dir = debugfs_create_dir(buts->name, blk_debugfs_root);
> > > -
> > >
> > > Then create blktrace attributes under the dir of q->debugfs_dir.
> > >
> > > However, buts->name could be one partition device name, but
> >
> > I can see how buts->name is set to bdevname() which expands to
> > disk_name(bdev->bd_disk, bdev->bd_part->partno, buf).
> >
> > > q->debugfs_dir has to be disk name.
> >
> > I can't see this, can you point me to where it is clear the
> > request_queue kobject's parent is sure to be the disk name?
>
> blk_register_queue():
>         ...
>         ret = kobject_add(&q->kobj, kobject_get(&dev->kobj), "%s", "queue");
>         ...

Alright, I have a fix for this now, and I do have also a further
explanation as to *why* the debugfs_lookup() doesn't help us here.
I'll follow up with more patches.

  Luis