Re: [PATCH v5 02/11] block: Block Device Filtering Mechanism
From: Sergei Shtepa <hidden>
Date: 2023-07-17 17:40:17
Also in:
linux-doc, linux-fsdevel, lkml
Hi. On 7/12/23 14:34, Yu Kuai wrote:
Subject: Re: [PATCH v5 02/11] block: Block Device Filtering Mechanism
From: Yu Kuai [off-list ref]
Date: 7/12/23, 14:34
To: Yu Kuai [off-list ref], Sergei Shtepa [off-list ref], axboe@kernel.dk, hch@infradead.org, corbet@lwn.net, snitzer@kernel.org
CC: viro@zeniv.linux.org.uk, brauner@kernel.org, dchinner@redhat.com, willy@infradead.org, dlemoal@kernel.org, linux@weissschuh.net, jack@suse.cz, ming.lei@redhat.com, linux-block@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Donald Buczek [off-list ref], "yukuai (C)" [off-list ref]

Hi,

On 2023/07/12 18:04, Yu Kuai wrote:
Hi,

On 2023/07/11 10:02, Yu Kuai wrote:
+static bool submit_bio_filter(struct bio *bio) +{ + if (bio_flagged(bio, BIO_FILTERED)) + return false; + + bio_set_flag(bio, BIO_FILTERED); + return bio->bi_bdev->bd_filter->ops->submit_bio(bio); +} + static void __submit_bio(struct bio *bio) { + /* + * If there is a filter driver attached, check if the BIO needs to go to + * the filter driver first, which can then pass on the bio or consume it. + */ + if (bio->bi_bdev->bd_filter && submit_bio_filter(bio)) + return; + if (unlikely(!blk_crypto_bio_prep(&bio))) return;...quoted
+static void __blkfilter_detach(struct block_device *bdev) +{ + struct blkfilter *flt = bdev->bd_filter; + const struct blkfilter_operations *ops = flt->ops; + + bdev->bd_filter = NULL; + ops->detach(flt); + module_put(ops->owner); +} + +void blkfilter_detach(struct block_device *bdev) +{ + if (bdev->bd_filter) { + blk_mq_freeze_queue(bdev->bd_queue);

And this is not safe as well, for bio-based device, q_usage_counter is not grabbed while submit_bio_filter() is called, hence there is a risk of uaf from submit_bio_filter().

And there is another question, can blkfilter_detach() from del_gendisk/delete_partition and ioctl be concurrent? I think it's a problem.
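Review bot: in submit_bio_filter(), bio->bi_bdev->bd_filter is loaded a second time after __submit_bio() has already tested it, and nothing in the hunk pins the filter between the two reads. __blkfilter_detach() sets "bdev->bd_filter = NULL" before calling ops->detach(flt), so a bio that passed the test in __submit_bio() can then dereference NULL or a filter that is being torn down. Read the pointer once into a local in __submit_bio(), pass it to submit_bio_filter(), and add a comment naming what keeps the filter alive for the duration of ops->submit_bio(). A one-line comment that a true return means the filter consumed the bio would also help readers of __submit_bio().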
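Review bot: blkfilter_detach() tests bdev->bd_filter with no lock visible around the check, and __blkfilter_detach() then reloads the pointer and dereferences flt->ops unconditionally. Two callers that both pass "if (bdev->bd_filter)" can end up with the second one seeing flt == NULL, or with both running ops->detach(flt) and module_put(ops->owner) for the same filter. Take a single lock around the test and the clear, recheck bd_filter under it before calling __blkfilter_detach(), and state in a comment above __blkfilter_detach() which lock the caller must hold.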
Yes, it looks like if two threads execute the blkfilter_detach() function, then a problem is possible. The blk_mq_freeze_queue() function does not block threads. But for this, it is necessary that the IOCTL for the block device and its removal are performed simultaneously. Is this possible?

I suppose that using the mutex bdev->bd_disk->open_mutex in blkfilter_ioctl_attach(), blkfilter_ioctl_detach() and blkfilter_ioctl_ctl() can fix the problem. What do you think?
Thanks,
Kuai

Thanks,
Kuai