From: Johannes Berg <johannes@sipsolutions.net>
To: Nicolai Stange <nicstange@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Paul E.McKenney" <paulmck@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 8/9] debugfs: defer debugfs_fsdata allocation to first usage
Date: Tue, 18 Apr 2017 11:36:44 +0200 [thread overview]
Message-ID: <1492508204.2472.7.camel@sipsolutions.net> (raw)
In-Reply-To: <20170416095137.2784-9-nicstange@gmail.com> (sfid-20170416_115200_841095_0D158B2F)
On Sun, 2017-04-16 at 11:51 +0200, Nicolai Stange wrote:
>
> +++ b/fs/debugfs/file.c
> @@ -53,6 +53,7 @@ const struct file_operations
> *debugfs_real_fops(const struct file *filp)
> {
> struct debugfs_fsdata *fsd = F_DENTRY(filp)->d_fsdata;
>
> + WARN_ON((unsigned long)fsd &
> DEBUGFS_FSDATA_IS_REAL_FOPS_BIT);
> return fsd->real_fops;
I'm not a fan of BUG_ON(), but in this case, if you have a completely
bogus pointer here, and then you return fsd->real_fops which will be
even more bogus, and *then* you call a function from within it... that
seems like a recipe for disaster.
So either you could return some valid ops (perhaps
debugfs_noop_file_operations although those don't have .name or .poll,
so it doesn't cover everything), or you can just BUG_ON() here
directly, saving the incomprehensible crash later.
johannes
> EXPORT_SYMBOL_GPL(debugfs_real_fops);
> @@ -74,9 +75,35 @@ EXPORT_SYMBOL_GPL(debugfs_real_fops);
> */
> int debugfs_file_get(struct dentry *dentry)
> {
> - struct debugfs_fsdata *fsd = dentry->d_fsdata;
> + struct debugfs_fsdata *fsd;
> + void *d_fsd;
> +
> + d_fsd = READ_ONCE(dentry->d_fsdata);
> + if (!((unsigned long)d_fsd &
> DEBUGFS_FSDATA_IS_REAL_FOPS_BIT)) {
> + fsd = d_fsd;
> + } else {
> + fsd = kmalloc(sizeof(*fsd), GFP_KERNEL);
> + if (!fsd)
> + return -ENOMEM;
> +
> + fsd->real_fops = (void *)((unsigned long)d_fsd &
> + ~DEBUGFS_FSDATA_IS_REAL_FOPS
> _BIT);
> + refcount_set(&fsd->active_users, 1);
> + init_completion(&fsd->active_users_drained);
> + if (cmpxchg(&dentry->d_fsdata, d_fsd, fsd) != d_fsd)
> {
> + kfree(fsd);
> + fsd = READ_ONCE(dentry->d_fsdata);
> + }
> + }
>
> - /* Avoid starvation of removers. */
> + /*
> + * In case of a successful cmpxchg() above, this check is
> + * strictly necessary and must follow it, see the comment in
> + * __debugfs_remove_file().
> + * OTOH, if the cmpxchg() hasn't been executed or wasn't
> + * successful, this serves the purpose of not starving
> + * removers.
> + */
> if (d_unlinked(dentry))
> return -EIO;
>
> @@ -98,7 +125,7 @@ EXPORT_SYMBOL_GPL(debugfs_file_get);
> */
> void debugfs_file_put(struct dentry *dentry)
> {
> - struct debugfs_fsdata *fsd = dentry->d_fsdata;
> + struct debugfs_fsdata *fsd = READ_ONCE(dentry->d_fsdata);
>
> if (refcount_dec_and_test(&fsd->active_users))
> complete(&fsd->active_users_drained);
> @@ -109,10 +136,11 @@ static int open_proxy_open(struct inode *inode,
> struct file *filp)
> {
> struct dentry *dentry = F_DENTRY(filp);
> const struct file_operations *real_fops = NULL;
> - int r = 0;
> + int r;
>
> - if (debugfs_file_get(dentry))
> - return -ENOENT;
> + r = debugfs_file_get(dentry);
> + if (r)
> + return r == -EIO ? -ENOENT : r;
>
> real_fops = debugfs_real_fops(filp);
> real_fops = fops_get(real_fops);
> @@ -233,10 +261,11 @@ static int full_proxy_open(struct inode *inode,
> struct file *filp)
> struct dentry *dentry = F_DENTRY(filp);
> const struct file_operations *real_fops = NULL;
> struct file_operations *proxy_fops = NULL;
> - int r = 0;
> + int r;
>
> - if (debugfs_file_get(dentry))
> - return -ENOENT;
> + r = debugfs_file_get(dentry);
> + if (r)
> + return r == -EIO ? -ENOENT : r;
>
> real_fops = debugfs_real_fops(filp);
> real_fops = fops_get(real_fops);
> diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
> index 5550f11d60bd..2360c17ec00a 100644
> --- a/fs/debugfs/inode.c
> +++ b/fs/debugfs/inode.c
> @@ -184,7 +184,10 @@ static const struct super_operations
> debugfs_super_operations = {
>
> static void debugfs_release_dentry(struct dentry *dentry)
> {
> - kfree(dentry->d_fsdata);
> + void *fsd = dentry->d_fsdata;
> +
> + if (!((unsigned long)fsd & DEBUGFS_FSDATA_IS_REAL_FOPS_BIT))
> + kfree(dentry->d_fsdata);
> }
>
> static struct vfsmount *debugfs_automount(struct path *path)
> @@ -346,35 +349,25 @@ static struct dentry
> *__debugfs_create_file(const char *name, umode_t mode,
> {
> struct dentry *dentry;
> struct inode *inode;
> - struct debugfs_fsdata *fsd;
> -
> - fsd = kmalloc(sizeof(*fsd), GFP_KERNEL);
> - if (!fsd)
> - return NULL;
>
> if (!(mode & S_IFMT))
> mode |= S_IFREG;
> BUG_ON(!S_ISREG(mode));
> dentry = start_creating(name, parent);
>
> - if (IS_ERR(dentry)) {
> - kfree(fsd);
> + if (IS_ERR(dentry))
> return NULL;
> - }
>
> inode = debugfs_get_inode(dentry->d_sb);
> - if (unlikely(!inode)) {
> - kfree(fsd);
> + if (unlikely(!inode))
> return failed_creating(dentry);
> - }
>
> inode->i_mode = mode;
> inode->i_private = data;
>
> inode->i_fop = proxy_fops;
> - fsd->real_fops = real_fops;
> - refcount_set(&fsd->active_users, 1);
> - dentry->d_fsdata = fsd;
> + dentry->d_fsdata = (void *)((unsigned long)real_fops |
> + DEBUGFS_FSDATA_IS_REAL_FOPS_BIT);
>
> d_instantiate(dentry, inode);
> fsnotify_create(d_inode(dentry->d_parent), dentry);
> @@ -637,8 +630,17 @@ static void __debugfs_remove_file(struct dentry
> *dentry, struct dentry *parent)
>
> simple_unlink(d_inode(parent), dentry);
> d_delete(dentry);
> - fsd = dentry->d_fsdata;
> - init_completion(&fsd->active_users_drained);
> +
> + /*
> + * Paired with the closing smp_mb() implied by a successful
> + * cmpxchg() in debugfs_file_get(): either
> + * debugfs_file_get() must see a dead dentry or we must see
> a
> + * debugfs_fsdata instance at ->d_fsdata here (or both).
> + */
> + smp_mb();
> + fsd = READ_ONCE(dentry->d_fsdata);
> + if ((unsigned long)fsd & DEBUGFS_FSDATA_IS_REAL_FOPS_BIT)
> + return;
> if (!refcount_dec_and_test(&fsd->active_users))
> wait_for_completion(&fsd->active_users_drained);
> }
> diff --git a/fs/debugfs/internal.h b/fs/debugfs/internal.h
> index 0eea99432840..cb1e8139c398 100644
> --- a/fs/debugfs/internal.h
> +++ b/fs/debugfs/internal.h
> @@ -25,4 +25,12 @@ struct debugfs_fsdata {
> struct completion active_users_drained;
> };
>
> +/*
> + * A dentry's ->d_fsdata either points to the real fops or to a
> + * dynamically allocated debugfs_fsdata instance.
> + * In order to distinguish between these two cases, a real fops
> + * pointer gets its lowest bit set.
> + */
> +#define DEBUGFS_FSDATA_IS_REAL_FOPS_BIT BIT(0)
> +
> #endif /* _DEBUGFS_INTERNAL_H_ */
next prev parent reply other threads:[~2017-04-18 9:36 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-23 14:54 deadlock in synchronize_srcu() in debugfs? Johannes Berg
2017-03-23 15:29 ` Johannes Berg
2017-03-24 8:56 ` Johannes Berg
2017-03-24 9:24 ` Johannes Berg
2017-03-24 17:45 ` Paul E. McKenney
2017-03-24 18:51 ` Johannes Berg
2017-03-24 19:33 ` Paul E. McKenney
2017-03-24 20:20 ` Paul E. McKenney
2017-03-27 11:18 ` Johannes Berg
2017-03-23 15:36 ` Nicolai Stange
2017-03-23 15:47 ` Johannes Berg
2017-03-27 11:36 ` Johannes Berg
2017-03-30 7:32 ` Nicolai Stange
2017-03-30 7:55 ` Johannes Berg
2017-03-30 10:27 ` Nicolai Stange
2017-03-30 11:11 ` Johannes Berg
2017-03-31 9:03 ` Nicolai Stange
2017-03-31 9:44 ` Johannes Berg
2017-04-16 9:51 ` [RFC PATCH 0/9] debugfs: per-file removal protection Nicolai Stange
2017-04-16 9:51 ` [RFC PATCH 1/9] debugfs: add support for more elaborate ->d_fsdata Nicolai Stange
2017-04-16 9:51 ` [RFC PATCH 2/9] debugfs: implement per-file removal protection Nicolai Stange
2017-04-18 2:23 ` [lkp-robot] [debugfs] f3e7155d08: BUG:unable_to_handle_kernel kernel test robot
2017-04-23 18:37 ` Nicolai Stange
2017-04-24 6:36 ` Ye Xiaolong
2017-04-16 9:51 ` [RFC PATCH 3/9] debugfs: debugfs_real_fops(): drop __must_hold sparse annotation Nicolai Stange
2017-04-16 9:51 ` [RFC PATCH 4/9] debugfs: convert to debugfs_file_get() and -put() Nicolai Stange
2017-04-16 9:51 ` [RFC PATCH 5/9] IB/hfi1: " Nicolai Stange
2017-04-16 9:51 ` [RFC PATCH 6/9] debugfs: purge obsolete SRCU based removal protection Nicolai Stange
2017-04-16 9:51 ` [RFC PATCH 7/9] debugfs: call debugfs_real_fops() only after debugfs_file_get() Nicolai Stange
2017-04-16 9:51 ` [RFC PATCH 8/9] debugfs: defer debugfs_fsdata allocation to first usage Nicolai Stange
2017-04-18 9:36 ` Johannes Berg [this message]
2017-05-02 20:05 ` Nicolai Stange
2017-05-03 5:43 ` Johannes Berg
2017-04-16 9:51 ` [RFC PATCH 9/9] debugfs: free debugfs_fsdata instances Nicolai Stange
2017-04-17 16:01 ` Paul E. McKenney
2017-04-18 9:39 ` Johannes Berg
2017-04-18 13:31 ` Paul E. McKenney
2017-04-18 13:40 ` Johannes Berg
2017-04-18 15:17 ` Paul E. McKenney
2017-04-18 15:20 ` Johannes Berg
2017-04-18 17:19 ` Paul E. McKenney
2017-03-23 15:37 ` deadlock in synchronize_srcu() in debugfs? Paul E. McKenney
2017-03-23 15:46 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1492508204.2472.7.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nicstange@gmail.com \
--cc=paulmck@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).