Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp4237897pxb; Tue, 2 Nov 2021 06:31:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy1yl8/Qizyv8+fgEbeuW3T4hS1hpJ8xKtmDZMf7z2dfhJy80O6Qzf+b+MvXaOjaCN240hi X-Received: by 2002:a17:906:269a:: with SMTP id t26mr45978844ejc.20.1635859918557; Tue, 02 Nov 2021 06:31:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635859918; cv=none; d=google.com; s=arc-20160816; b=Q1l7N6SJrubLTrqGcDyrTpd30ovZmybYIINE8D2pJQPLWJcdOL+S+nMfQ3rUtirBW7 Tz+vC+wjam9bVfQr3tgMwcgiG3kUTk+NNEsnMi+WTA+iIBu0ixd9mWaxn59UR+YnADmd UXLeQ3n7+uyKVWBskdfM+M6rK/QbuH7RNIuUdXNpVqCAxitaF9RTWFPfrBop/mk9eWmO Xhh/S7Remida26mIojzF9T1VWbWzoEOYuQ1BUSpmr6AhleKpkf/x8YU0+BGSqkBFftCt /eZfSYj9rhUr/f9VtNJT5LoAl4sW0IxUV7dnYLiNbi6Rt4g0vU2tVo42tqb/q2e8oa/d UQog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:references:cc:to :subject; bh=O9c/QSxr2RJUAMLI1jWde/hbbKUvYhzmu8WM+TzS0Oc=; b=Pc6fDPQHRVLCJup76JctIZqB/64yQa4qJyFCHgjeSOKIz59i5UNwqlNnClhabGIydK qKy3kzSaxgdJbHhDWwAG50hz4WCjMHwlurOotktbqTLw1f/mOsfxNGCaVxVtODoXJi2w 6btrzcTFjqmw4b/U8gJqAJ33eAmnYzOQzkO5lx7D3EUjdp1Ktd+RlIjWzGRwq6B4clnH CRvmC0Sq42MFsKsFRK7vtKysr9NGXKncYMMKS63AlPSyHbIdEOkfaX+OqZImJr+GjRC9 wesv5mEtX9zaQrjsV4iFp4PJyspxSZtA/BG/jXRo8uOmZ1UTrtEhuHduS9DSkbFqWZzk 2KxA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i20si23145344ejd.100.2021.11.02.06.31.34; Tue, 02 Nov 2021 06:31:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230128AbhKBNEW (ORCPT + 99 others); Tue, 2 Nov 2021 09:04:22 -0400 Received: from szxga02-in.huawei.com ([45.249.212.188]:15343 "EHLO szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230504AbhKBNEV (ORCPT ); Tue, 2 Nov 2021 09:04:21 -0400 Received: from dggemv704-chm.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4Hk95T6YfLz90h1; Tue, 2 Nov 2021 21:01:33 +0800 (CST) Received: from kwepemm600013.china.huawei.com (7.193.23.68) by dggemv704-chm.china.huawei.com (10.3.19.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Tue, 2 Nov 2021 21:01:42 +0800 Received: from [10.174.178.46] (10.174.178.46) by kwepemm600013.china.huawei.com (7.193.23.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.15; Tue, 2 Nov 2021 21:01:41 +0800 Subject: Re: [PATCH -next] ubi: fix race between ctrl_cdev_ioctl and ubi_cdev_ioctl To: Baokun Li , , , , , CC: , , Hulk Robot References: <20211101013739.236430-1-libaokun1@huawei.com> From: Zhihao Cheng Message-ID: Date: Tue, 2 Nov 2021 21:01:40 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <20211101013739.236430-1-libaokun1@huawei.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.178.46] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemm600013.china.huawei.com (7.193.23.68) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2021/11/1 9:37, Baokun Li 写道: Hi, Baokun > diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c > index a7e3eb9befb6..708b1b96de01 100644 > --- a/drivers/mtd/ubi/build.c > +++ b/drivers/mtd/ubi/build.c > @@ -467,6 +467,7 @@ static int uif_init(struct ubi_device *ubi) > if (err) > goto out_unreg; > > + spin_lock(&ubi->volumes_lock); > for (i = 0; i < ubi->vtbl_slots; i++) > if (ubi->volumes[i]) { > err = ubi_add_volume(ubi, ubi->volumes[i]); > @@ -475,11 +476,13 @@ static int uif_init(struct ubi_device *ubi) > goto out_volumes; > } > } > + spin_unlock(&ubi->volumes_lock); > > return 0; > > out_volumes: > kill_volumes(ubi); > + spin_unlock(&ubi->volumes_lock); > cdev_device_del(&ubi->cdev, &ubi->dev); > out_unreg: > unregister_chrdev_region(ubi->cdev.dev, ubi->vtbl_slots + 1); There still exist one place that ubi_attach_mtd_dev() may race with ubi_remove_volume(): ubi->bgt_thread = kthread_create(ubi_thread, ubi, "%s", ubi->bgt_name)     goto out_debugfs; ... out_debugfs:     ubi_debugfs_exit_dev(ubi); out_uif:    uif_close(ubi);      // Another process does ioctl to remove volume, which may cause volume double free.