Received: by 10.213.65.68 with SMTP id h4csp228155imn; Fri, 16 Mar 2018 00:49:38 -0700 (PDT) X-Google-Smtp-Source: AG47ELu+mIzuRcvU/6oQko0xVDR0qmyGyVWz6vt+gLs7w9qmPFlkBzxQ2T/KpzRO9wvSgKoYJwB4 X-Received: by 2002:a17:902:b20f:: with SMTP id t15-v6mr1019495plr.349.1521186578277; Fri, 16 Mar 2018 00:49:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521186578; cv=none; d=google.com; s=arc-20160816; b=Ae/6lgUOt6EQONI8eEYGjHB2mRgy76E7pZ0WF4JQVUGcl8kGUBE2DXbd5tEJ7ds4iR CT9RiNxXkK4GOgpp1v7dvx6v1PPQHPno2LMjofgYYvpDgy1qTYC6U1eUHBCHgiRG1kRB BKIcAiS9NbKU5O+0m59aa8hB7NnJIDtmqsx9E0I8XUjhbO4U9wLg1vtLmTOOjydFojDw YjzqZ+ZqiSgXtxqNZYWuchW9TSjCtVq00feWcMyYvYprHtUXwTwLdgDOxd1xmCZGLQcx cGRfn8JNS9raDrp2Fmd616MUCD7OvuuhtpIKvC6Sn+6r8aYkL2EXqyceUciGf3QHMEj0 /2mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=ExbNEDQndHBaSOaMWfZ5ajcPSOFwYQLLzWAOxdYrxog=; b=ZvKS1HTShSGcwCmm4zzyjXpAkWC3Jmiqblx8gVniHJ19LKDFOI1c8Td1lWyT50jbI9 grd+UpJABMKmCqbuxTE2FVV3scqNXfDGTU5Om0o5wc4Na5naRJDtDx4jZsJhHSY4qxvj 0YSdOUn5LeBW6Nu0Mv7kU2OQLhEgX/HKX7xHaevXfNUAxKkvCTYgqYug1fZAFjoh6MQn 6SOGIyidaLcRGEbG1sTshxAL94PkSUxLrDJr9mE7VY5SbdtTTUaPUpSUcIgaegazIJ7D goUFDEKzuMTM69O9CmB4D02vfNrnyyT1AtS1JkDenLOu6CllWxjZSRLvIiuaOmuAKTY/ hV3w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d6-v6si5573244plo.661.2018.03.16.00.49.24; Fri, 16 Mar 2018 00:49:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753401AbeCPHsd convert rfc822-to-8bit (ORCPT + 99 others); Fri, 16 Mar 2018 03:48:33 -0400 Received: from lilium.sigma-star.at ([109.75.188.150]:48234 "EHLO lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752014AbeCPHsc (ORCPT ); Fri, 16 Mar 2018 03:48:32 -0400 Received: from localhost (localhost [127.0.0.1]) by lilium.sigma-star.at (Postfix) with ESMTP id CF3BA181878B6; Fri, 16 Mar 2018 08:48:30 +0100 (CET) From: Richard Weinberger To: arvindY Cc: dwmw2@infradead.org, computersforpeace@gmail.com, boris.brezillon@free-electrons.com, marek.vasut@gmail.com, cyrille.pitchen@wedev4u.fr, dedekind1@gmail.com, linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org Subject: Re: [PATCH 2/2 v2] mtd: ubi: use put_device() if device_register fail Date: Fri, 16 Mar 2018 08:50:06 +0100 Message-ID: <1800631.Ura3nHEcOL@blindfold> In-Reply-To: <5AAAB066.90900@gmail.com> References: <1521098431-29565-1-git-send-email-arvind.yadav.cs@gmail.com> <11250cfc-f092-b299-1044-50334c518bf1@gmail.com> <5AAAB066.90900@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Content-Type: text/plain; charset="iso-8859-1" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Arvind, Am Donnerstag, 15. M?rz 2018, 18:41:58 CET schrieb arvindY: > On Thursday 15 March 2018 02:17 PM, Arvind Yadav wrote: > > On Thursday 15 March 2018 01:25 PM, Richard Weinberger wrote: > >> Am Donnerstag, 15. M?rz 2018, 08:20:31 CET schrieb Arvind Yadav: > >>> if device_register() returned an error! Always use put_device() > >>> to give up the reference initialized. > >> > >> Like DaveM said, there is no need to shout and use "!". > > > > I will fix this and send you update patch. > > > >>> Signed-off-by: Arvind Yadav > >>> --- > >>> > >>> change in v2: > >>> Fix use-after-free bug. move put_device() after cdev_del(). > >>> > >>> drivers/mtd/ubi/vmt.c | 1 + > >>> 1 file changed, 1 insertion(+) > >>> > >>> diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c > >>> index 3fd8d7f..93c6163 100644 > >>> --- a/drivers/mtd/ubi/vmt.c > >>> +++ b/drivers/mtd/ubi/vmt.c > >>> @@ -610,6 +610,7 @@ int ubi_add_volume(struct ubi_device *ubi, struct > >>> ubi_volume *vol) > >>> > >>> out_cdev: > >>> cdev_del(&vol->cdev); > >>> > >>> + put_device(&vol->dev); > >>> > >>> return err; > >> > >> The more I dig into device code, the more questions I have. > >> Why is cdev_del() not part of the release function? > >> > >> Thanks, > >> //richard > > > > Yes, It's should be a part release function. > > > > ~arvind > > I was wrong, We can not add cdev_del() in release(vol_release) > function. > Function's ubi_create_volume and ubi_add_volume both are using > same release function to release a volume devices. > ubi_add_volume is registering character device for the volume. > So we will have to release character device here. This is not what I meant. The question was whether we should free all this data structures from the device model's point of view. That we have to massage UBI code for that is clear. Thanks, //richard