Git Repo - linux.git/commit

author	Jan Kara <[email protected]>
	Thu, 6 Feb 2020 14:28:12 +0000 (15:28 +0100)
committer	Jens Axboe <[email protected]>
	Tue, 25 Feb 2020 15:40:07 +0000 (08:40 -0700)
commit	c780e86dd48ef6467a1146cf7d0fe1e05a635039
tree	adc26e0463d952242d1a18b9de9b2226eff81e17	tree \| snapshot
parent	01e99aeca3979600302913cef3f89076786f32c8	commit \| diff

blktrace: Protect q->blk_trace with RCU

KASAN is reporting that __blk_add_trace() has a use-after-free issue
when accessing q->blk_trace. Indeed the switching of block tracing (and
thus eventual freeing of q->blk_trace) is completely unsynchronized with
the currently running tracing and thus it can happen that the blk_trace
structure is being freed just while __blk_add_trace() works on it.
Protect accesses to q->blk_trace by RCU during tracing and make sure we
wait for the end of RCU grace period when shutting down tracing. Luckily
that is rare enough event that we can afford that. Note that postponing
the freeing of blk_trace to an RCU callback should better be avoided as
it could have unexpected user visible side-effects as debugfs files
would be still existing for a short while block tracing has been shut
down.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=205711
CC: [email protected]
Reviewed-by: Chaitanya Kulkarni <[email protected]>
Reviewed-by: Ming Lei <[email protected]>
Tested-by: Ming Lei <[email protected]>
Reviewed-by: Bart Van Assche <[email protected]>
Reported-by: Tristan Madani <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>

include/linux/blkdev.h		diff \| blob \| blame \| history
include/linux/blktrace_api.h		diff \| blob \| blame \| history
kernel/trace/blktrace.c		diff \| blob \| blame \| history