From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Subject: [PATCH 0/6] cdev: delete partitions when deleting master cdev
Date: Wed, 3 Jan 2024 11:16:23 +0100 [thread overview]
Message-ID: <20240103101629.2629497-1-a.fatoum@pengutronix.de> (raw)
blockdevice_unregister only calls devfs_remove on the root cdev and
leaves the partition cdevs dangling. This doesn't break until the
block device parent struct device is freed at which time, it will
iterate over its cdevs to free them. If there's partitions there,
list_del on the partitions triggers a use after free.
This series fixes this by removing partitions whenever the master cdev
is deleted.
Code has been this way since for ever, but virtio deletes its devices on
shutdown triggering this issue. As virtio isn't that critical, I think
it's ok to not go into master right away and sit in next first.
common/partitions.c | 12 +++++++----
drivers/base/driver.c | 2 +-
drivers/of/partition.c | 16 +++++++--------
fs/devfs-core.c | 45 +++++++++++++++++++++++++++---------------
include/driver.h | 12 +++++++----
lib/bootstrap/devfs.c | 2 +-
6 files changed, 55 insertions(+), 34 deletions(-)
--
2.39.2
next reply other threads:[~2024-01-03 10:17 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-03 10:16 Ahmad Fatoum [this message]
2024-01-03 10:16 ` [PATCH 1/6] cdev: make __devfs_add_partition's last argument optional Ahmad Fatoum
2024-01-03 10:16 ` [PATCH 2/6] driver.h: move devfs_add/del_partition later in file Ahmad Fatoum
2024-01-03 10:16 ` [PATCH 3/6] cdev: export cdevfs_add_partition for general use Ahmad Fatoum
2024-01-04 8:22 ` Sascha Hauer
2024-01-04 8:51 ` [PATCH] fixup! " Ahmad Fatoum
2024-01-03 10:16 ` [PATCH 4/6] partition: switch to using cdevfs_add_partition Ahmad Fatoum
2024-01-03 10:16 ` [PATCH 5/6] cdev: export and use cdevfs_del_partition Ahmad Fatoum
2024-01-03 10:16 ` [PATCH 6/6] cdev: delete partitions when deleting master cdev Ahmad Fatoum
2024-01-08 9:59 ` [PATCH 0/6] " Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240103101629.2629497-1-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox