diff mbox series

blk-mq: only unregister sysfs when registration succeeded

Message ID	20221112110754.1109979-1-liushixin2@huawei.com
State	New
Headers	Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; From: Liu Shixin <liushixin2@huawei.com> To: Jens Axboe <axboe@kernel.dk> CC: <linux-block@vger.kernel.org>, <linux-kernel@vger.kernel.org>, Liu Shixin <liushixin2@huawei.com> Subject: [PATCH] blk-mq: only unregister sysfs when registration succeeded Date: Sat, 12 Nov 2022 19:07:54 +0800 Message-ID: <20221112110754.1109979-1-liushixin2@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	blk-mq: only unregister sysfs when registration succeeded \| blk-mq: only unregister sysfs when registration succeeded

Commit Message

Liu Shixin Nov. 12, 2022, 11:07 a.m. UTC

  kobject_del() must not be called if kobject_add() has not been called.
Hence only unregister sysfs when registration succeeded.

Signed-off-by: Liu Shixin <liushixin2@huawei.com>
---
 block/blk-mq-sysfs.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Yu Kuai Nov. 12, 2022, 10:44 a.m. UTC | #1

Hi,

在 2022/11/12 19:07, Liu Shixin 写道:
> kobject_del() must not be called if kobject_add() has not been called.
> Hence only unregister sysfs when registration succeeded.
> 

 From what I see, the blk_queue_registered() from caller
blk_unregister_queue() can already prevent that. QUEUE_FLAG_REGISTERED
will only be set if blk_register_queue() succeed.

Thanks,
Kuai

> Signed-off-by: Liu Shixin <liushixin2@huawei.com>
> ---
>   block/blk-mq-sysfs.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
> index 93997d297d42..63f2df2500d9 100644
> --- a/block/blk-mq-sysfs.c
> +++ b/block/blk-mq-sysfs.c
> @@ -279,6 +279,8 @@ void blk_mq_sysfs_unregister(struct gendisk *disk)
>   	unsigned long i;
>   
>   	lockdep_assert_held(&q->sysfs_dir_lock);
> +	if (!q->mq_sysfs_init_done)
> +		return;
>   
>   	queue_for_each_hw_ctx(q, hctx, i)
>   		blk_mq_unregister_hctx(hctx);
>

Yu Kuai Nov. 12, 2022, 10:57 a.m. UTC | #2

在 2022/11/12 18:44, Yu Kuai 写道:
> Hi,
> 
> 在 2022/11/12 19:07, Liu Shixin 写道:
>> kobject_del() must not be called if kobject_add() has not been called.
>> Hence only unregister sysfs when registration succeeded.
>>
> 
>  From what I see, the blk_queue_registered() from caller
> blk_unregister_queue() can already prevent that. QUEUE_FLAG_REGISTERED
> will only be set if blk_register_queue() succeed.

I see that the return value of blk_mq_sysfs_register() is not checked
from blk_register_queue(), there will be memleak or uaf from error path.

Hence I think better thing to do is to handle the case that
blk_mq_sysfs_register() faild, and clean up if blk_mq_sysfs_register()
succeed while follow up procedures failed from blk_register_queue().

diff mbox series

Patch

diff --git a/block/blk-mq-sysfs.c b/block/blk-mq-sysfs.c
index 93997d297d42..63f2df2500d9 100644
--- a/block/blk-mq-sysfs.c
+++ b/block/blk-mq-sysfs.c
@@ -279,6 +279,8 @@  void blk_mq_sysfs_unregister(struct gendisk *disk)
 	unsigned long i;
 
 	lockdep_assert_held(&q->sysfs_dir_lock);
+	if (!q->mq_sysfs_init_done)
+		return;
 
 	queue_for_each_hw_ctx(q, hctx, i)
 		blk_mq_unregister_hctx(hctx);