Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp2905570ybk; Mon, 18 May 2020 10:47:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwNASrsgBTEbsKLhmcGLsUtXGoM/xsaAXdFjEaGGfn0D4Cwc2t81lDJ0RNpOi1zRhNgNnVB X-Received: by 2002:a50:cf4c:: with SMTP id d12mr6305895edk.121.1589824032941; Mon, 18 May 2020 10:47:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589824032; cv=none; d=google.com; s=arc-20160816; b=0fWEzOJevuv9fprkfn3WKJth0j9LYBjNs2T1WFAbXQFtLIG74Duk4d2417PEIReXa3 wvCXsdDTeRr1RqLR/obuY4WUw3gSL05LiIqNd69d7Mk7qWj4N3jZEIIMEExb9vGabiox CHrarrLMmUXhZeknlJL2TxSBk4FQKtYSKNTI4NsX7E3T/AxlaGSc0YAAhY4ib4rTc/Op Wj8wCk0ZqoQcWW4tB8nvQxP1ViMDWwq7kk9ppdOMHvS8NDTOGDuAEJBjEZwZZQQDWe9j pcuQlN2qtBp2h1khtjLcEPeJnwYmVO9xHMD15IDEKTp3OwJdKmHfCJNL9IegT998C4ii CC8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Kpgu9W/cHO3WJmK7zjnZrvFCpAVTo1nmyYMQMSCoYTw=; b=ezF/BkZSulc8uTdbyP1fQj7ZIHxs6oLpQerBOb+EHL7tu+hkS5E/krwMJUoNVy+K7I m82gwKLIxvOzUJuw3oL8yC68zB+QWgV2WjdUMQJShkUtzNcyxfJEEiag56l2tO9yW9X1 w7cozNQaknSK3vk/21bLk6fgCHjOOfXttdEEIh88+YO4pTumFmjkO/JtwV+flgeVRiS4 D6IpZJt6Mh76c4rWq9kFar1f88BbgNjwfAeucFMtYzHd78DInpnPIfVOevYK0vqVGICk st929JOMdQku6SUJCeW+0jsgCt7a16w5R6IWtPEJrVfrEhpPNrHyYNDsY+sXwNIHuWeL 7XFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ACler6s5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c2si3142813edq.134.2020.05.18.10.46.50; Mon, 18 May 2020 10:47:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ACler6s5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728877AbgERRoc (ORCPT + 99 others); Mon, 18 May 2020 13:44:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:42732 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729743AbgERRo0 (ORCPT ); Mon, 18 May 2020 13:44:26 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1439C20853; Mon, 18 May 2020 17:44:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1589823865; bh=Wt0BE6DdX2nSOZNimgGDzjTqchGZmtsE+LKulxdaQ2s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ACler6s5xlEQMbdnmpRm/q8j7qSh4Y+rIKZ/0Rdevum7DRKAMPvBYqmxttMHKDI9y S8ZfnPz9POz8zaWhKz9iwE0UUL5DGNeSFmM3czoaKGD11C9FK/bSijDLSl2INahf8u X6GhyBSqAmlcVHMtXMmt2FqEwkLY+Rjjqp83ElYU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dmitry Vyukov , Jens Axboe , Ben Hutchings , Sasha Levin Subject: [PATCH 4.9 30/90] blktrace: fix unlocked access to init/start-stop/teardown Date: Mon, 18 May 2020 19:36:08 +0200 Message-Id: <20200518173457.324311593@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200518173450.930655662@linuxfoundation.org> References: <20200518173450.930655662@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jens Axboe commit 1f2cac107c591c24b60b115d6050adc213d10fc0 upstream. sg.c calls into the blktrace functions without holding the proper queue mutex for doing setup, start/stop, or teardown. Add internal unlocked variants, and export the ones that do the proper locking. Fixes: 6da127ad0918 ("blktrace: Add blktrace ioctls to SCSI generic devices") Tested-by: Dmitry Vyukov Signed-off-by: Jens Axboe Signed-off-by: Ben Hutchings Signed-off-by: Sasha Levin --- kernel/trace/blktrace.c | 58 ++++++++++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 10 deletions(-) diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index ff1384c5884c5..55337d797deb1 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -329,7 +329,7 @@ static void blk_trace_cleanup(struct blk_trace *bt) put_probe_ref(); } -int blk_trace_remove(struct request_queue *q) +static int __blk_trace_remove(struct request_queue *q) { struct blk_trace *bt; @@ -342,6 +342,17 @@ int blk_trace_remove(struct request_queue *q) return 0; } + +int blk_trace_remove(struct request_queue *q) +{ + int ret; + + mutex_lock(&q->blk_trace_mutex); + ret = __blk_trace_remove(q); + mutex_unlock(&q->blk_trace_mutex); + + return ret; +} EXPORT_SYMBOL_GPL(blk_trace_remove); static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, @@ -546,9 +557,8 @@ err: return ret; } -int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, - struct block_device *bdev, - char __user *arg) +static int __blk_trace_setup(struct request_queue *q, char *name, dev_t dev, + struct block_device *bdev, char __user *arg) { struct blk_user_trace_setup buts; int ret; @@ -567,6 +577,19 @@ int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, } return 0; } + +int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, + struct block_device *bdev, + char __user *arg) +{ + int ret; + + mutex_lock(&q->blk_trace_mutex); + ret = __blk_trace_setup(q, name, dev, bdev, arg); + mutex_unlock(&q->blk_trace_mutex); + + return ret; +} EXPORT_SYMBOL_GPL(blk_trace_setup); #if defined(CONFIG_COMPAT) && defined(CONFIG_X86_64) @@ -603,7 +626,7 @@ static int compat_blk_trace_setup(struct request_queue *q, char *name, } #endif -int blk_trace_startstop(struct request_queue *q, int start) +static int __blk_trace_startstop(struct request_queue *q, int start) { int ret; struct blk_trace *bt = q->blk_trace; @@ -642,6 +665,17 @@ int blk_trace_startstop(struct request_queue *q, int start) return ret; } + +int blk_trace_startstop(struct request_queue *q, int start) +{ + int ret; + + mutex_lock(&q->blk_trace_mutex); + ret = __blk_trace_startstop(q, start); + mutex_unlock(&q->blk_trace_mutex); + + return ret; +} EXPORT_SYMBOL_GPL(blk_trace_startstop); /* @@ -672,7 +706,7 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) switch (cmd) { case BLKTRACESETUP: bdevname(bdev, b); - ret = blk_trace_setup(q, b, bdev->bd_dev, bdev, arg); + ret = __blk_trace_setup(q, b, bdev->bd_dev, bdev, arg); break; #if defined(CONFIG_COMPAT) && defined(CONFIG_X86_64) case BLKTRACESETUP32: @@ -683,10 +717,10 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) case BLKTRACESTART: start = 1; case BLKTRACESTOP: - ret = blk_trace_startstop(q, start); + ret = __blk_trace_startstop(q, start); break; case BLKTRACETEARDOWN: - ret = blk_trace_remove(q); + ret = __blk_trace_remove(q); break; default: ret = -ENOTTY; @@ -704,10 +738,14 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) **/ void blk_trace_shutdown(struct request_queue *q) { + mutex_lock(&q->blk_trace_mutex); + if (q->blk_trace) { - blk_trace_startstop(q, 0); - blk_trace_remove(q); + __blk_trace_startstop(q, 0); + __blk_trace_remove(q); } + + mutex_unlock(&q->blk_trace_mutex); } /* -- 2.20.1