Commit b769a2f4 authored by Ming Lei's avatar Ming Lei Committed by Jens Axboe
Browse files

blktrace: move copy_[to|from]_user() out of ->debugfs_lock 



Move copy_[to|from]_user() out of ->debugfs_lock and cut the dependency
between mm->mmap_lock and q->debugfs_lock, then we avoids lots of
lockdep false positive warning. Obviously ->debug_lock isn't needed
for copy_[to|from]_user().

The only behavior change is to call blk_trace_remove() in case of setup
failure handling by re-grabbing ->debugfs_lock, and this way is just
fine since we do cover concurrent setup() & remove().

Reported-by: default avatar <syzbot+91585b36b538053343e4@syzkaller.appspotmail.com>
Closes: https://lore.kernel.org/linux-block/67450fd4.050a0220.1286eb.0007.GAE@google.com/
Closes: https://lore.kernel.org/linux-block/6742e584.050a0220.1cc393.0038.GAE@google.com/
Closes: https://lore.kernel.org/linux-block/6742a600.050a0220.1cc393.002e.GAE@google.com/
Closes: https://lore.kernel.org/linux-block/67420102.050a0220.1cc393.0019.GAE@google.com/


Signed-off-by: default avatarMing Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20241128125029.4152292-3-ming.lei@redhat.com


Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent fd9b0244

kernel/trace/blktrace.c

+9 −17
Original line number Diff line number Diff line
@@ -617,8 +617,9 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, 
	return ret;

}



static int __blk_trace_setup(struct request_queue *q, char *name, dev_t dev,

			     struct block_device *bdev, char __user *arg)

int blk_trace_setup(struct request_queue *q, char *name, dev_t dev,

		    struct block_device *bdev,

		    char __user *arg)

{

	struct blk_user_trace_setup buts;

	int ret;
@@ -627,26 +628,17 @@ static int __blk_trace_setup(struct request_queue *q, char *name, dev_t dev, 
	if (ret)

		return -EFAULT;



	mutex_lock(&q->debugfs_mutex);

	ret = do_blk_trace_setup(q, name, dev, bdev, &buts);

	mutex_unlock(&q->debugfs_mutex);

	if (ret)

		return ret;



	if (copy_to_user(arg, &buts, sizeof(buts))) {

		__blk_trace_remove(q);

		blk_trace_remove(q);

		return -EFAULT;

	}

	return 0;

}



int blk_trace_setup(struct request_queue *q, char *name, dev_t dev,

		    struct block_device *bdev,

		    char __user *arg)

{

	int ret;



	mutex_lock(&q->debugfs_mutex);

	ret = __blk_trace_setup(q, name, dev, bdev, arg);

	mutex_unlock(&q->debugfs_mutex);



	return ret;

}
@@ -673,12 +665,14 @@ static int compat_blk_trace_setup(struct request_queue *q, char *name, 
		.pid = cbuts.pid,

	};



	mutex_lock(&q->debugfs_mutex);

	ret = do_blk_trace_setup(q, name, dev, bdev, &buts);

	mutex_unlock(&q->debugfs_mutex);

	if (ret)

		return ret;



	if (copy_to_user(arg, &buts.name, ARRAY_SIZE(buts.name))) {

		__blk_trace_remove(q);

		blk_trace_remove(q);

		return -EFAULT;

	}
@@ -740,9 +734,7 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) 
#if defined(CONFIG_COMPAT) && defined(CONFIG_X86_64)

	case BLKTRACESETUP32:

		snprintf(b, sizeof(b), "%pg", bdev);

		mutex_lock(&q->debugfs_mutex);

		ret = compat_blk_trace_setup(q, b, bdev->bd_dev, bdev, arg);

		mutex_unlock(&q->debugfs_mutex);

		break;

#endif

	case BLKTRACESTART: