From: Al Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: gregkh@linuxfoundation.org
Subject: Re: [PATCHES][RFC][CFT] debugfs cleanups
Date: Sun, 29 Dec 2024 20:58:28 +0000 [thread overview]
Message-ID: <20241229205828.GC1977892@ZenIV> (raw)
In-Reply-To: <20241229080948.GY1977892@ZenIV>
On Sun, Dec 29, 2024 at 08:09:48AM +0000, Al Viro wrote:
> All of that could be avoided if we augmented debugfs inodes with
> a couple of pointers - no more stashing crap in ->d_fsdata, etc.
> And it's really not hard to do. The series below attempts to untangle
> that mess; it can be found in
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.debugfs
>
> It's very lightly tested; review and more testing would be
> very welcome.
BTW, looking through debugfs-related stuff...
arch/x86/kernel/cpu/resctrl/pseudo_lock.c:pseudo_lock_measure_trigger()
debugfs_file_get()/debugfs_file_put() pair inside, even though the
only use of that sucker is ->write() of file_operations fed
to debugfs_create_file(). In other words, it's going to be
called only by full_proxy_write(), which already has such a pair
around that...
drivers/base/regmap/regmap-debugfs.c:regmap_cache_{only,bypass}_write_file()
ditto
drivers/gpu/drm/xlnx/zynqmp_dp.c:zynqmp_dp_{pattern,custom}_write()
ditto
drivers/gpu/drm/xlnx/zynqmp_dp.c:zynqmp_dp_{pattern,custom}_read()
similar, except that it's ->read() rather than ->write()
drivers/infiniband/hw/hfi1/debugfs.c:hfi1_seq_read()
ditto, AFAICS. Verifying that is not pleasant (use of ## in
that forest of macros is seriously grep-hostile), but...
drivers/infiniband/hw/hfi1/debugfs.c:hfi1_seq_lseek()
same story for ->llseek()
drivers/infiniband/hw/hfi1/fault.c:fault_opcodes_{read,write}()
same story
drivers/thermal/testing/command.c:tt_command_write()
same, but debugfs_file_put() is apparently lost.
Attempt to rmmod that sucker ought to deadlock if there had
been a call of that...
sound/soc/sof/ipc4-mtrace.c:sof_ipc4_mtrace_dfs_open()
->open() calling debugfs_file_get(), with matching debugfs_file_put()
only in ->release(). Again, that's debugfs_create_file() fodder -
with nothing to trigger removal in sight. Fortunately, since had
that been triggerable from userland, you could get a nice deadlock
by opening that file and triggering removal...
sound/soc/sof/sof-client-ipc-flood-test.c:sof_ipc_flood_dfs_open()
same, except that here removal *is* triggerable. Do rmmod with
e.g. stdin redirected from that file and you are screwed.
sound/soc/sof/sof-client-ipc-kernel-injector.c:sof_msg_inject_dfs_open()
same, complete with deadlock on rmmod...
sound/soc/sof/sof-client-ipc-msg-injector.c:sof_msg_inject_dfs_open()
... and here as well.
As far as I can see, there's not a single legitimate caller of
debugfs_file_{get,put}() outside of fs/debugfs/file.c. Is there any
reason to keep that stuff non-static, let alone exported?
next prev parent reply other threads:[~2024-12-29 20:58 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-29 8:09 [PATCHES][RFC][CFT] debugfs cleanups Al Viro
2024-12-29 8:12 ` [PATCH 01/20] debugfs: fix missing mutex_destroy() in short_fops case Al Viro
2024-12-29 8:12 ` [PATCH 02/20] debugfs: separate cache for debugfs inodes Al Viro
2024-12-29 8:12 ` [PATCH 03/20] debugfs: move ->automount into debugfs_inode_info Al Viro
2024-12-29 8:12 ` [PATCH 04/20] debugfs: get rid of dynamically allocation proxy_ops Al Viro
2024-12-29 8:12 ` [PATCH 05/20] debugfs: don't mess with bits in ->d_fsdata Al Viro
2024-12-29 8:12 ` [PATCH 06/20] debugfs: allow to store an additional opaque pointer at file creation Al Viro
2024-12-29 8:12 ` [PATCH 07/20] carl9170: stop embedding file_operations into their objects Al Viro
2024-12-29 8:12 ` [PATCH 08/20] b43: stop embedding struct " Al Viro
2024-12-29 8:12 ` [PATCH 09/20] b43legacy: make use of debugfs_get_aux() Al Viro
2024-12-29 8:12 ` [PATCH 10/20] netdevsim: don't embed file_operations into your structs Al Viro
2024-12-29 8:12 ` [PATCH 11/20] mediatek: stop messing with ->d_iname Al Viro
2024-12-29 8:12 ` [PATCH 12/20] [not even compile-tested] greybus/camera - " Al Viro
2024-12-29 8:12 ` [PATCH 13/20] mtu3: don't mess wiht ->d_iname Al Viro
2024-12-29 8:12 ` [PATCH 14/20] xhci: don't mess with ->d_iname Al Viro
2024-12-29 8:12 ` [PATCH 15/20] qat: don't mess with ->d_name Al Viro
2024-12-29 8:12 ` [PATCH 16/20] sof-client-ipc-flood-test: " Al Viro
2024-12-29 8:12 ` [PATCH 17/20] slub: " Al Viro
2024-12-29 8:12 ` [PATCH 18/20] arm_scmi: don't mess with ->d_parent->d_name Al Viro
2024-12-29 8:12 ` [PATCH 19/20] octeontx2: don't mess with ->d_parent or ->d_parent->d_name Al Viro
2024-12-29 8:12 ` [PATCH 20/20] saner replacement for debugfs_rename() Al Viro
2024-12-29 16:38 ` Al Viro
2025-01-07 15:20 ` [PATCH 01/20] debugfs: fix missing mutex_destroy() in short_fops case Greg KH
2024-12-29 20:58 ` Al Viro [this message]
2025-01-07 14:56 ` [PATCHES][RFC][CFT] debugfs cleanups Greg KH
2025-01-12 8:05 ` [PATCHES v2][RFC][CFT] " Al Viro
2025-01-12 8:06 ` [PATCH v2 01/21] debugfs: separate cache for debugfs inodes Al Viro
2025-01-12 8:06 ` [PATCH v2 02/21] debugfs: move ->automount into debugfs_inode_info Al Viro
2025-01-13 14:49 ` Christian Brauner
2025-01-12 8:06 ` [PATCH v2 03/21] debugfs: get rid of dynamically allocation proxy_ops Al Viro
2025-01-13 14:51 ` Christian Brauner
2025-01-12 8:06 ` [PATCH v2 04/21] debugfs: don't mess with bits in ->d_fsdata Al Viro
2025-01-13 14:55 ` Christian Brauner
2025-01-12 8:06 ` [PATCH v2 05/21] debugfs: allow to store an additional opaque pointer at file creation Al Viro
2025-01-13 14:56 ` Christian Brauner
2025-01-12 8:06 ` [PATCH v2 06/21] debugfs: take debugfs_short_fops definition out of ifdef Al Viro
2025-01-13 14:57 ` Christian Brauner
2025-01-12 8:06 ` [PATCH v2 07/21] carl9170: stop embedding file_operations into their objects Al Viro
2025-01-12 8:06 ` [PATCH v2 08/21] b43: stop embedding struct " Al Viro
2025-01-12 8:06 ` [PATCH v2 09/21] b43legacy: make use of debugfs_get_aux() Al Viro
2025-01-12 8:06 ` [PATCH v2 10/21] netdevsim: don't embed file_operations into your structs Al Viro
2025-01-12 8:06 ` [PATCH v2 11/21] mediatek: stop messing with ->d_iname Al Viro
2025-01-12 8:06 ` [PATCH v2 12/21] [not even compile-tested] greybus/camera - " Al Viro
2025-01-12 8:06 ` [PATCH v2 13/21] mtu3: don't mess wiht ->d_iname Al Viro
2025-01-12 8:06 ` [PATCH v2 14/21] xhci: don't mess with ->d_iname Al Viro
2025-01-12 8:06 ` [PATCH v2 15/21] qat: don't mess with ->d_name Al Viro
2025-01-12 8:07 ` [PATCH v2 16/21] sof-client-ipc-flood-test: " Al Viro
2025-01-12 8:07 ` [PATCH v2 17/21] slub: " Al Viro
2025-01-12 8:07 ` [PATCH v2 18/21] arm_scmi: don't mess with ->d_parent->d_name Al Viro
2025-01-12 8:07 ` [PATCH v2 19/21] octeontx2: don't mess with ->d_parent or ->d_parent->d_name Al Viro
2025-01-12 8:07 ` [PATCH v2 20/21] orangefs-debugfs: don't mess with ->d_name Al Viro
2025-01-12 8:07 ` [PATCH v2 21/21] saner replacement for debugfs_rename() Al Viro
2025-01-13 14:48 ` [PATCH v2 01/21] debugfs: separate cache for debugfs inodes Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241229205828.GC1977892@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=gregkh@linuxfoundation.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox