Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp325617rda; Sat, 21 Oct 2023 09:10:01 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHu3oloDT1Aj8jqTcOsjTZlShA9Tn6DjjCmFalTKZqVQRR4JS/Gvq1+hHfdy4rnb6SHIX8y X-Received: by 2002:a05:6358:2626:b0:168:a286:d5d7 with SMTP id l38-20020a056358262600b00168a286d5d7mr3562171rwc.8.1697904601068; Sat, 21 Oct 2023 09:10:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697904601; cv=none; d=google.com; s=arc-20160816; b=VqhVP5upR9QS4Kci+wbTExiHIsoAGerT69jOhXrT/FGojK42UMPm4/ozjAbe69P4V9 0cyMndiIQkR3ImcRJ7A3YerLcejexbbwEP1DfERa1eSgf2pSHXdGvK5QQlEqi5b7LtL7 zp1DcXHwMKFzQ1SyjWVAMbDprpH4MyNAHtS4Zryh8aXwdx44lCyzgwX4BhtAZkncRp23 VFBeDlpxeJiHH2Ygp/I5zZBTdAyWbzNwXqdHizJdgPUS3kFX08K5TQBa8fg4OrvGlu6C lY/w9ePSGSZua3WK+kUFm5cktdpaR2ZSZDxJ2faDGKQ52GQ1g5qFZelLcEEM/YMsvjtg 1zuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:thread-index:thread-topic :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date; bh=Ac9HnQNeSCiyk1KX3CmjadDRLXtRqO7nfGdvX8fPi28=; fh=1PVc5drkgXFHDOOIR/Tw/O16yxnF8/w7alCVUswuv60=; b=GavThevAbQiLtW8rduA5eGqXUsRmkVAGvleIW6EQcAZKdASpLK1RzYJhOIC70MqfYE gBGMmq/2CBS4xJRDLaYkM0PUX/9LfQ2pH4kwFNXAXLCKGJTcAXi6Kei7k2RuGLMxQqfp ZH3zBQu//GrWYr8/YTKld1CZe2n9+ZMrIVqjKRepvTgd1jE2KLdNEdguvJ6WwLA+fDTr C8PS7+sKa7ILayJMf2vF6zbYdjmPDum9WBK8pj4L3QPjR/uhMLRekImujdnp2TKYF59K BgDfPilUkodRql7/9Bt9lUvLxGbTxPSuUPuTGCRAMeiu08gPrd5U5TtScDu19E89FTbT qs8A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id t184-20020a632dc1000000b005892fd16947si3865809pgt.546.2023.10.21.09.10.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 21 Oct 2023 09:10:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 0E6D880A99B6; Sat, 21 Oct 2023 09:09:58 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231777AbjJUQJs convert rfc822-to-8bit (ORCPT + 99 others); Sat, 21 Oct 2023 12:09:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231372AbjJUQJr (ORCPT ); Sat, 21 Oct 2023 12:09:47 -0400 Received: from lithops.sigma-star.at (lithops.sigma-star.at [195.201.40.130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A811F1A8 for ; Sat, 21 Oct 2023 09:09:43 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by lithops.sigma-star.at (Postfix) with ESMTP id F355A6343CAC; Sat, 21 Oct 2023 18:09:40 +0200 (CEST) Received: from lithops.sigma-star.at ([127.0.0.1]) by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id Vsuiu3WwRoDH; Sat, 21 Oct 2023 18:09:40 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by lithops.sigma-star.at (Postfix) with ESMTP id 8149C6343CBC; Sat, 21 Oct 2023 18:09:40 +0200 (CEST) Received: from lithops.sigma-star.at ([127.0.0.1]) by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id seXA32NShRV0; Sat, 21 Oct 2023 18:09:40 +0200 (CEST) Received: from lithops.sigma-star.at (lithops.sigma-star.at [195.201.40.130]) by lithops.sigma-star.at (Postfix) with ESMTP id 58A186343CAF; Sat, 21 Oct 2023 18:09:40 +0200 (CEST) Date: Sat, 21 Oct 2023 18:09:40 +0200 (CEST) From: Richard Weinberger To: chengzhihao1 Cc: ZhaoLong Wang , Miquel Raynal , Vignesh Raghavendra , dpervushin , Artem Bityutskiy , linux-mtd , linux-kernel , yi zhang , yangerkun Message-ID: <441107100.23734.1697904580252.JavaMail.zimbra@nod.at> In-Reply-To: <891e554b-c133-6378-3a65-836fc9147e54@huawei.com> References: <20231018121618.778385-1-wangzhaolong1@huawei.com> <1381458025.20897.1697747248632.JavaMail.zimbra@nod.at> <891e554b-c133-6378-3a65-836fc9147e54@huawei.com> Subject: Re: [PATCH v2] ubi: gluebi: Fix NULL pointer dereference caused by ftl notifier MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT X-Originating-IP: [195.201.40.130] X-Mailer: Zimbra 8.8.12_GA_3807 (ZimbraWebClient - FF97 (Linux)/8.8.12_GA_3809) Thread-Topic: gluebi: Fix NULL pointer dereference caused by ftl notifier Thread-Index: 2PTLgou/05+/uw7nwcEWecaps0pTog== X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Sat, 21 Oct 2023 09:09:58 -0700 (PDT) ----- Ursprüngliche Mail ----- > Von: "chengzhihao1" >>> Such a modification currently works because the mutex "mtd_table_mutex" >>> is held on all necessary paths, including the ftl_add_mtd() call path, >>> open and close paths. Therefore, many race condition can be avoided. >> >> I see the problem, but I'm not really satisfied by the solution. >> Adding this hack to gluebi_read() is not nice at all. > > Yes, it's jsut a workaround. At the begining, I prefer that increasing > volume refcnt (by ubi_open_volume) in gluebi_create and releasing volume > refcnt in gluebi_remove. It looks more reasonable that holding a refcnt > of UBI volume when gluebi is alive. After looking through the code, the > creation/destroying of gluebi is triggered by volume > actions(UBI_VOLUME_ADDED/UBI_VOLUME_REMOVED), which means that: > 1. gluebi_remove is depended on UBI_VOLUME_REMOVED(triggered by > ubi_remove_volume) > 2. ubi_remove_volume won't be executed until the refcnt of volume > becomes 0(released by gluebi_remove) > > If we add new ioctls to control creation/destroying of gluebi, then > gluebi mtd won't be automatically created when UBI volume is added. I'm > not certain whether this change will effect existing startup process > that depends on gluebi. Let's take a stack back. The sole purpose of gluebi is providing a way to run JFFS2 on top of UBI. IMHO there is no need to run an FTL on top of UBI or even mtdblock. This kind of stacking does not make sense. So, I'd go so far and propose the following: diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c index ff18636e08897..b362a64411ebd 100644 --- a/drivers/mtd/mtd_blkdevs.c +++ b/drivers/mtd/mtd_blkdevs.c @@ -463,7 +463,7 @@ static void blktrans_notify_add(struct mtd_info *mtd) { struct mtd_blktrans_ops *tr; - if (mtd->type == MTD_ABSENT) + if (mtd->type == MTD_ABSENT || mtd->type == MTD_UBIVOLUME) return; list_for_each_entry(tr, &blktrans_majors, list) IOW, no mtdblock (hence, also no FTLs) on top of gluebi. What do you guys think? Thanks, //richard