On Thu, Apr 21, 2022 at 09:09:01AM -0700, Christoph Hellwig wrote: > On Thu, Apr 21, 2022 at 04:34:31PM +0800, Ming Lei wrote: > > q->debugfs_dir is used by blk-mq debugfs and blktrace. The dentry is > > created when adding disk, and removed when releasing request queue. > > > > There is small window between releasing disk and releasing request > > queue, and during the period, one disk with same name may be created > > and added, so debugfs_create_dir() may complain with "Directory XXXXX > > with parent 'block' already present!" > > > > Fixes the issue by moving debugfs_create_dir() into blk_alloc_queue(), > > and the dir name is named with q->id from beginning, and switched to > > disk name when adding disk, and finally changed to q->id in disk_release(). > > Is there any good reason to not just debugfs_remove_recursive in > blk_unregister_queue and do away with all the renaming? Please see the following reasons: 1) disk_release_mq() calls elevator_exit()/rq_qos_exit(), and the two may trigger UAF if q->debugfs_dir is removed in blk_unregister_queue(). 2) after deleting disk, blktrace still should/can work for tracing passthrough request. 3) "debugfs directory deleted with blktrace active" in block/002 could be triggered thanks, Ming
