[5.5,047/257] debugfs: Check module state before warning in {full/open}_proxy_open()

From: Taehee Yoo <ap420073@gmail.com>

From: Taehee Yoo <ap420073@gmail.com>

[ Upstream commit 275678e7a9be6a0ea9c1bb493e48abf2f4a01be5 ]

When the module is being removed, the module state is set to
MODULE_STATE_GOING. At this point, try_module_get() fails.
And when {full/open}_proxy_open() is being called,
it calls try_module_get() to try to hold module reference count.
If it fails, it warns about the possibility of debugfs file leak.

If {full/open}_proxy_open() is called while the module is being removed,
it fails to hold the module.
So, It warns about debugfs file leak. But it is not the debugfs file
leak case. So, this patch just adds module state checking routine
in the {full/open}_proxy_open().

Test commands:
    #SHELL1
    while :
    do
        modprobe netdevsim
        echo 1 > /sys/bus/netdevsim/new_device
        modprobe -rv netdevsim
    done

    #SHELL2
    while :
    do
        cat /sys/kernel/debug/netdevsim/netdevsim1/ports/0/ipsec
    done

Splat looks like:
[  298.766738][T14664] debugfs file owner did not clean up at exit: ipsec
[  298.766766][T14664] WARNING: CPU: 2 PID: 14664 at fs/debugfs/file.c:312 full_proxy_open+0x10f/0x650
[  298.768595][T14664] Modules linked in: netdevsim(-) openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 n][  298.771343][T14664] CPU: 2 PID: 14664 Comm: cat Tainted: G        W         5.5.0+ #1
[  298.772373][T14664] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  298.773545][T14664] RIP: 0010:full_proxy_open+0x10f/0x650
[  298.774247][T14664] Code: 48 c1 ea 03 80 3c 02 00 0f 85 c1 04 00 00 49 8b 3c 24 e8 e4 b5 78 ff 84 c0 75 2d 4c 89 ee 48
[  298.776782][T14664] RSP: 0018:ffff88805b7df9b8 EFLAGS: 00010282[  298.777583][T14664] RAX: dffffc0000000008 RBX: ffff8880511725c0 RCX: 0000000000000000
[  298.778610][T14664] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8880540c5c14
[  298.779637][T14664] RBP: 0000000000000000 R08: fffffbfff15235ad R09: 0000000000000000
[  298.780664][T14664] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffc06b5000
[  298.781702][T14664] R13: ffff88804c234a88 R14: ffff88804c22dd00 R15: ffffffff8a1b5660
[  298.782722][T14664] FS:  00007fafa13a8540(0000) GS:ffff88806c800000(0000) knlGS:0000000000000000
[  298.783845][T14664] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  298.784672][T14664] CR2: 00007fafa0e9cd10 CR3: 000000004b286005 CR4: 00000000000606e0
[  298.785739][T14664] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  298.786769][T14664] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  298.787785][T14664] Call Trace:
[  298.788237][T14664]  do_dentry_open+0x63c/0xf50
[  298.788872][T14664]  ? open_proxy_open+0x270/0x270
[  298.789524][T14664]  ? __x64_sys_fchdir+0x180/0x180
[  298.790169][T14664]  ? inode_permission+0x65/0x390
[  298.790832][T14664]  path_openat+0xc45/0x2680
[  298.791425][T14664]  ? save_stack+0x69/0x80
[  298.791988][T14664]  ? save_stack+0x19/0x80
[  298.792544][T14664]  ? path_mountpoint+0x2e0/0x2e0
[  298.793233][T14664]  ? check_chain_key+0x236/0x5d0
[  298.793910][T14664]  ? sched_clock_cpu+0x18/0x170
[  298.794527][T14664]  ? find_held_lock+0x39/0x1d0
[  298.795153][T14664]  do_filp_open+0x16a/0x260
[ ... ]

Fixes: 9fd4dcece43a ("debugfs: prevent access to possibly dead file_operations at file open")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Link: https://lore.kernel.org/r/20200218043150.29447-1-ap420073@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/debugfs/file.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

Message ID	20200416131331.812329302@linuxfoundation.org
State	New
Headers	show Return-Path: <SRS0=D6dW=6A=vger.kernel.org=stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, kbuild test robot <lkp@intel.com>, Taehee Yoo <ap420073@gmail.com>, Sasha Levin <sashal@kernel.org> Subject: [PATCH 5.5 047/257] debugfs: Check module state before warning in {full/open}_proxy_open() Date: Thu, 16 Apr 2020 15:21:38 +0200 Message-Id: <20200416131331.812329302@linuxfoundation.org> In-Reply-To: <20200416131325.891903893@linuxfoundation.org> References: <20200416131325.891903893@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk
Series	None \| expand [5.5,003/257] ARM: dts: Fix dm814x Ethernet by changing to use rgmii-id mode [5.5,005/257] iwlwifi: mvm: take the required lock when clearing time event data [5.5,006/257] iwlwifi: mvm: Fix rate scale NSS configuration [5.5,007/257] Input: tm2-touchkey - add support for Coreriver TC360 variant [5.5,010/257] rxrpc: Fix call interruptibility handling [5.5,013/257] ARM: dts: omap4-droid4: Fix lost touchscreen interrupts [5.5,014/257] riscv: uaccess should be used in nommu mode [5.5,015/257] hinic: fix a bug of waitting for IO stopped [5.5,016/257] hinic: fix the bug of clearing event queue [5.5,018/257] hinic: fix wrong para of wait_for_completion_timeout [5.5,021/257] cxgb4/ptp: pass the sign of offset delta in FW CMD [5.5,022/257] drm/scheduler: fix rare NULL ptr race [5.5,026/257] i2c: pca-platform: Use platform_irq_get_optional [5.5,028/257] cpufreq: imx6q: Fixes unwanted cpu overclocking on i.MX6ULL [5.5,031/257] staging: wilc1000: avoid double unlocking of wilc->hif_cs mutex [5.5,032/257] media: vimc: streamer: fix memory leak in vimc subdevs if kthread_run fails [5.5,033/257] media: venus: hfi_parser: Ignore HEVC encoding for V1 [5.5,034/257] firmware: arm_sdei: fix double-lock on hibernate with shared events [5.5,035/257] sched/vtime: Prevent unstable evaluation of WARN(vtime->state) [5.5,038/257] null_blk: Handle null_add_dev() failures properly [5.5,039/257] null_blk: fix spurious IO errors after failed past-wp access [5.5,041/257] media: imx: imx7-media-csi: Fix video field handling [5.5,043/257] ACPI: EC: Do not clear boot_ec_is_ecdt in acpi_ec_add() [5.5,047/257] debugfs: Check module state before warning in {full/open}_proxy_open() [5.5,048/257] spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode [5.5,049/257] irqchip/versatile-fpga: Handle chained IRQs properly [5.5,052/257] sched: Avoid scale real weight down to zero [5.5,053/257] sched/fair: Fix condition of avg_load calculation [5.5,055/257] PCI/switchtec: Fix init_completion race condition with poll_wait() [5.5,056/257] block, bfq: move forward the getting of an extra ref in bfq_bfqq_move [5.5,061/257] gfs2: Dont demote a glock until its revokes are written [5.5,064/257] efi/x86: Ignore the memory attributes table on i386 [5.5,065/257] genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy() [5.5,067/257] block, zoned: fix integer overflow with BLKRESETZONE et al [5.5,069/257] media: i2c: ov5695: Fix power on and off sequences [5.5,078/257] btrfs: remove a BUG_ON() from merge_reloc_roots() [5.5,079/257] btrfs: restart relocate_tree_blocks properly [5.5,080/257] btrfs: track reloc roots based on their commit root bytenr [5.5,083/257] ASoC: dpcm: allow start or stop during pause for backend [5.5,084/257] ASoC: topology: use name_prefix for new kcontrol [5.5,087/257] ALSA: usb-audio: Add mixer workaround for TRX40 and co [5.5,088/257] ALSA: hda: Add driver blacklist [5.5,089/257] ALSA: hda: Fix potential access overflow in beep helper [5.5,092/257] ALSA: hda/realtek: Enable mute LED on an HP system [5.5,093/257] ALSA: hda/realtek - a fake key event is triggered by running shutup [5.5,095/257] ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 [5.5,098/257] ALSA: hda/realtek - Add quirk for MSI GL63 [5.5,099/257] media: venus: cache vb payload to be used by clock scaling [5.5,101/257] media: hantro: Read be32 words starting at every fourth byte [5.5,102/257] media: ti-vpe: cal: fix disable_irqs to only the intended target [5.5,103/257] media: ti-vpe: cal: fix a kernel oops when unloading module [5.5,106/257] acpi/x86: ignore unspecified bit positions in the ACPI global lock field [5.5,107/257] ACPICA: Allow acpi_any_gpe_status_set() to skip one GPE [5.5,110/257] nvmet-tcp: fix maxh2cdata icresp parameter [5.5,113/257] PCI: pciehp: Fix indefinite wait on sysfs requests [5.5,114/257] PCI/ASPM: Clear the correct bits when enabling L1 substates [5.5,117/257] PCI: endpoint: Fix for concurrent memory allocation in OB address region [5.5,118/257] erofs: correct the remaining shrink objects [5.5,119/257] sched/fair: Fix enqueue_task_fair warning [5.5,121/257] tpm: tpm1_bios_measurements_next should increase position index [5.5,122/257] tpm: tpm2_bios_measurements_next should increase position index [5.5,124/257] mmc: mmci_sdmmc: Fix clear busyd0end irq flag [5.5,125/257] rcu: Make rcu_barrier() account for offline no-CBs CPUs [5.5,126/257] cpu/hotplug: Ignore pm_wakeup_pending() for disable_nonboot_cpus() [5.5,129/257] io_uring: remove bogus RLIMIT_NOFILE check in file registration [5.5,130/257] pstore: pstore_ftrace_seq_next should increase position index [5.5,134/257] PM: sleep: wakeup: Skip wakeup_source_sysfs_remove() if device is not there [5.5,136/257] signal: Extend exec_id to 64bits [5.5,139/257] x86/tsc_msr: Make MSR derived TSC frequency more accurate [5.5,140/257] x86/entry/32: Add missing ASM_CLAC to general_protection entry [5.5,141/257] platform/x86: asus-wmi: Support laptops where the first battery is named BATT [5.5,143/257] KVM: nVMX: Properly handle userspace interrupt window request [5.5,146/257] KVM: x86: Allocate new rmap and large page tracking when moving memslot [5.5,148/257] KVM: x86: Gracefully handle __vmalloc() failure during VM allocation [5.5,150/257] KVM: VMX: fix crash cleanup when KVM wasnt used [5.5,151/257] smb3: fix performance regression with setting mtime [5.5,156/257] mtd: rawnand: cadence: change bad block marker size [5.5,157/257] mtd: rawnand: cadence: reinit completion before executing a new command [5.5,159/257] Btrfs: fix crash during unmount due to race with delayed inode workers [5.5,160/257] btrfs: reloc: clean dirty subvols if we fail to start a transaction [5.5,161/257] btrfs: set update the uuid generation as soon as possible [5.5,165/257] btrfs: fix missing semaphore unlock in btrfs_sync_file [5.5,167/257] remoteproc: qcom_q6v5_mss: Dont reassign mpss region on shutdown [5.5,169/257] remoteproc: Fix NULL pointer dereference in rproc_virtio_notify [5.5,172/257] io_uring: honor original task RLIMIT_FSIZE [5.5,174/257] tools: gpio: Fix out-of-tree build regression [5.5,177/257] sched/core: Remove duplicate assignment in sched_tick_remote() [5.5,180/257] dm writecache: add cond_resched to avoid CPU hangs [5.5,184/257] dm clone: Fix handling of partial region discards [5.5,185/257] dm clone: Add overflow check for number of regions [5.5,186/257] dm clone: Add missing casts to prevent overflows and data corruption [5.5,188/257] XArray: Fix xas_pause for large multi-index entries [5.5,189/257] xarray: Fix early termination of xas_for_each_marked [5.5,190/257] crypto: caam/qi2 - fix chacha20 data size error [5.5,193/257] crypto: ccree - only try to map auth tag if needed [5.5,195/257] scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point [5.5,197/257] scsi: lpfc: Fix lpfc_io_buf resource leak in lpfc_get_scsi_buf_s4 error path [5.5,198/257] scsi: lpfc: Fix broken Credit Recovery after driver load [5.5,199/257] ARM: dts: exynos: Fix polarity of the LCD SPI bus on UniversalC210 board [5.5,200/257] arm64: dts: ti: k3-am65: Add clocks to dwc3 nodes [5.5,202/257] selftests: vm: drop dependencies on page flags from mlock2 tests [5.5,203/257] selftests/vm: fix map_hugetlb length used for testing read and write [5.5,208/257] drm/etnaviv: rework perfmon query infrastructure [5.5,209/257] drm: Remove PageReserved manipulation from drm_pci_alloc [5.5,211/257] drm/amdgpu: unify fw_write_wait for new gfx9 asics [5.5,212/257] drm/amd/display: Check for null fclk voltage when parsing clock table [5.5,214/257] powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable [5.5,215/257] drm/vboxvideo: Add missing remove_conflicting_pci_framebuffers call, v2 [5.5,218/257] NFS: Fix a page leak in nfs_destroy_unlinked_subrequests() [5.5,220/257] drm/i915/gt: Treat idling as a RPS downclock event [5.5,224/257] s390/diag: fix display of diagnose call statistics [5.5,226/257] ftrace/kprobe: Show the maxactive number on kprobe_events [5.5,227/257] clk: ingenic/jz4770: Exit with error if CGU init failed [5.5,228/257] clk: ingenic/TCU: Fix round_rate returning error [5.5,229/257] kmod: make request_module() return an error when autoloading is disabled [5.5,230/257] cpufreq: powernv: Fix use-after-free [5.5,232/257] libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set [5.5,234/257] xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() [5.5,236/257] powerpc/64/tm: Dont let userspace set regs->trap via sigreturn [5.5,239/257] powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs [5.5,240/257] powerpc/64: Setup a paca before parsing device tree etc. [5.5,243/257] powerpc/64: Prevent stack protection in early boot [5.5,246/257] drm/bridge: analogix-anx78xx: Fix drm_dp_link helper removal [5.5,249/257] drm/amdgpu: fix gfx hang during suspend with video playback (v2) [5.5,252/257] perf/core: Unify {pinned,flexible}_sched_in() [5.5,254/257] perf/core: Remove struct sched_in_data [5.5,255/257] powerpc/kasan: Fix kasan_remap_early_shadow_ro() [5.5,257/257] mmc: sdhci: Refactor sdhci_set_timeout()

[5.5,047/257] debugfs: Check module state before warning in {full/open}_proxy_open()

Commit Message

Patch