From patchwork Fri Mar 17 18:48:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Logan Gunthorpe X-Patchwork-Id: 740464 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3vlDy32g9Dz9ryj for ; Sat, 18 Mar 2017 05:53:31 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Lg/Om/hA"; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=PT3lAksD3PE9Z7atZaB9tHr1erqL9F8ygfvORAK2jjo=; b=Lg/Om/hAKMRFRD rC+FcJvMi7yOxQGucf1RUPuP2kl6V+M8gl3e6IKv6zO07/CHXVyUCMHug8zfPPbM9DNXXFSC6krT1 PVEwjvpefXn39g0sRMUTh60dZaBhk55KRYThVNCYhcA1Y6kWzwx2Jf2ujKxWsKxk5mj9lBB7vvhhq Y5/1Bs32DfKS7opGZhRCCd/TgQ0rD+DKH2brvjPqOWMKCPMvg/w/kig2PA0kjkmkfSN503E+HRTpU DIS4c5tIkSdLEsa466ZqxcXHQ66N8YttpiD/sZ6OE8DifzQHAA+FSK+DacxsAIcN+pHDAgtfuLYfy 5NiN8m3/in+Cke/Ja7xQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1cox0B-0006yd-VR; Fri, 17 Mar 2017 18:53:28 +0000 Received: from ale.deltatee.com ([207.54.116.67]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1cowxI-0003ht-F4 for linux-mtd@lists.infradead.org; Fri, 17 Mar 2017 18:50:42 +0000 Received: from cgy1-donard.priv.deltatee.com ([172.16.1.31]) by ale.deltatee.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1cowvs-0002ZJ-Sg; Fri, 17 Mar 2017 12:49:04 -0600 Received: from gunthorp by cgy1-donard.priv.deltatee.com with local (Exim 4.84_2) (envelope-from ) id 1cowvq-0000qf-8Y; Fri, 17 Mar 2017 12:48:58 -0600 From: Logan Gunthorpe To: Greg Kroah-Hartman , Dan Williams , Hans Verkuil , Alexander Viro , Alexandre Belloni , Jason Gunthorpe , Johannes Thumshirn , Dmitry Torokhov , Linus Walleij , Jarkko Sakkinen , "James E.J. Bottomley" , "Martin K. Petersen" , David Woodhouse , Brian Norris , Boris Brezillon , Marek Vasut , Cyrille Pitchen Date: Fri, 17 Mar 2017 12:48:19 -0600 Message-Id: <1489776503-3151-13-git-send-email-logang@deltatee.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1489776503-3151-1-git-send-email-logang@deltatee.com> References: <1489776503-3151-1-git-send-email-logang@deltatee.com> X-SA-Exim-Connect-IP: 172.16.1.31 X-SA-Exim-Rcpt-To: gregkh@linuxfoundation.org, dan.j.williams@intel.com, hans.verkuil@cisco.com, viro@zeniv.linux.org.uk, jgunthorpe@obsidianresearch.com, jthumshirn@suse.de, linus.walleij@linaro.org, jarkko.sakkinen@linux.intel.com, jejb@linux.vnet.ibm.com, martin.petersen@oracle.com, dwmw2@infradead.org, alexandre.belloni@free-electrons.com, boris.brezillon@free-electrons.com, dmitry.torokhov@gmail.com, computersforpeace@gmail.com, marek.vasut@gmail.com, cyrille.pitchen@atmel.com, rtc-linux@googlegroups.com, linux-mtd@lists.infradead.org, linux-nvdimm@lists.01.org, linux-pci@vger.kernel.org, linux-scsi@vger.kernel.org, linux-media@vger.kernel.org, linux-iio@vger.kernel.org, linux-rdma@vger.kernel.org, linux-gpio@vger.kernel.org, linux-input@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, logang@deltatee.com X-SA-Exim-Mail-From: gunthorp@deltatee.com X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ale.deltatee.com X-Spam-Level: X-Spam-Status: No, score=-8.5 required=5.0 tests=ALL_TRUSTED,BAYES_00, GREYLIST_ISWHITE, MYRULES_FREE, MYRULES_NO_TEXT, RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0 Subject: [PATCH v5 12/16] mtd: utilize new cdev_device_add helper function X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000) X-SA-Exim-Scanned: Yes (on ale.deltatee.com) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20170317_115029_941116_75D55DB1 X-CRM114-Status: GOOD ( 22.54 ) X-Spam-Score: -1.9 (-) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-1.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-scsi@vger.kernel.org, rtc-linux@googlegroups.com, linux-gpio@vger.kernel.org, linux-iio@vger.kernel.org, linux-pci@vger.kernel.org, linux-nvdimm@lists.01.org, linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org, linux-mtd@lists.infradead.org, linux-input@vger.kernel.org, linux-fsdevel@vger.kernel.org, Logan Gunthorpe , linux-media@vger.kernel.org MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org This is not as straightforward a conversion as the others in this series. These drivers did not originally make use of kobj.parent so they likely suffered from a use after free bug if someone unregistered the devices while they are being used. In order to make the conversions, switch from device_register to device_initialize / cdev_device_add. In build.c, this patch unwinds a complicated mess of extra get_device/put_devices and reference tracking by moving device_initialize early in the attach process. Then it always uses put_device and instead of using device_unregister and extra get_devices everywhere we just use cdev_device_del and one put_device once everything is completely done. This simplifies things dramatically and makes it easier to reason about. In vmt.c, the patch pushes device initialization up to the beginning of the device creation and then that function only needs to use put_device in the error path which simplifies things a good deal. Signed-off-by: Logan Gunthorpe --- drivers/mtd/ubi/build.c | 91 +++++++++---------------------------------------- drivers/mtd/ubi/vmt.c | 49 +++++++++----------------- 2 files changed, 33 insertions(+), 107 deletions(-) diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c index 7751319..8bae373 100644 --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c @@ -421,41 +421,6 @@ static void dev_release(struct device *dev) } /** - * ubi_sysfs_init - initialize sysfs for an UBI device. - * @ubi: UBI device description object - * @ref: set to %1 on exit in case of failure if a reference to @ubi->dev was - * taken - * - * This function returns zero in case of success and a negative error code in - * case of failure. - */ -static int ubi_sysfs_init(struct ubi_device *ubi, int *ref) -{ - int err; - - ubi->dev.release = dev_release; - ubi->dev.devt = ubi->cdev.dev; - ubi->dev.class = &ubi_class; - ubi->dev.groups = ubi_dev_groups; - dev_set_name(&ubi->dev, UBI_NAME_STR"%d", ubi->ubi_num); - err = device_register(&ubi->dev); - if (err) - return err; - - *ref = 1; - return 0; -} - -/** - * ubi_sysfs_close - close sysfs for an UBI device. - * @ubi: UBI device description object - */ -static void ubi_sysfs_close(struct ubi_device *ubi) -{ - device_unregister(&ubi->dev); -} - -/** * kill_volumes - destroy all user volumes. * @ubi: UBI device description object */ @@ -471,27 +436,19 @@ static void kill_volumes(struct ubi_device *ubi) /** * uif_init - initialize user interfaces for an UBI device. * @ubi: UBI device description object - * @ref: set to %1 on exit in case of failure if a reference to @ubi->dev was - * taken, otherwise set to %0 * * This function initializes various user interfaces for an UBI device. If the * initialization fails at an early stage, this function frees all the - * resources it allocated, returns an error, and @ref is set to %0. However, - * if the initialization fails after the UBI device was registered in the - * driver core subsystem, this function takes a reference to @ubi->dev, because - * otherwise the release function ('dev_release()') would free whole @ubi - * object. The @ref argument is set to %1 in this case. The caller has to put - * this reference. + * resources it allocated, returns an error. * * This function returns zero in case of success and a negative error code in * case of failure. */ -static int uif_init(struct ubi_device *ubi, int *ref) +static int uif_init(struct ubi_device *ubi) { int i, err; dev_t dev; - *ref = 0; sprintf(ubi->ubi_name, UBI_NAME_STR "%d", ubi->ubi_num); /* @@ -508,20 +465,17 @@ static int uif_init(struct ubi_device *ubi, int *ref) return err; } + ubi->dev.devt = dev; + ubi_assert(MINOR(dev) == 0); cdev_init(&ubi->cdev, &ubi_cdev_operations); dbg_gen("%s major is %u", ubi->ubi_name, MAJOR(dev)); ubi->cdev.owner = THIS_MODULE; - err = cdev_add(&ubi->cdev, dev, 1); - if (err) { - ubi_err(ubi, "cannot add character device"); - goto out_unreg; - } - - err = ubi_sysfs_init(ubi, ref); + dev_set_name(&ubi->dev, UBI_NAME_STR "%d", ubi->ubi_num); + err = cdev_device_add(&ubi->cdev, &ubi->dev); if (err) - goto out_sysfs; + goto out_unreg; for (i = 0; i < ubi->vtbl_slots; i++) if (ubi->volumes[i]) { @@ -536,11 +490,7 @@ static int uif_init(struct ubi_device *ubi, int *ref) out_volumes: kill_volumes(ubi); -out_sysfs: - if (*ref) - get_device(&ubi->dev); - ubi_sysfs_close(ubi); - cdev_del(&ubi->cdev); + cdev_device_del(&ubi->cdev, &ubi->dev); out_unreg: unregister_chrdev_region(ubi->cdev.dev, ubi->vtbl_slots + 1); ubi_err(ubi, "cannot initialize UBI %s, error %d", @@ -559,8 +509,7 @@ static int uif_init(struct ubi_device *ubi, int *ref) static void uif_close(struct ubi_device *ubi) { kill_volumes(ubi); - ubi_sysfs_close(ubi); - cdev_del(&ubi->cdev); + cdev_device_del(&ubi->cdev, &ubi->dev); unregister_chrdev_region(ubi->cdev.dev, ubi->vtbl_slots + 1); } @@ -857,7 +806,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num, int vid_hdr_offset, int max_beb_per1024) { struct ubi_device *ubi; - int i, err, ref = 0; + int i, err; if (max_beb_per1024 < 0 || max_beb_per1024 > MAX_MTD_UBI_BEB_LIMIT) return -EINVAL; @@ -919,6 +868,11 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num, if (!ubi) return -ENOMEM; + device_initialize(&ubi->dev); + ubi->dev.release = dev_release; + ubi->dev.class = &ubi_class; + ubi->dev.groups = ubi_dev_groups; + ubi->mtd = mtd; ubi->ubi_num = ubi_num; ubi->vid_hdr_offset = vid_hdr_offset; @@ -995,7 +949,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num, /* Make device "available" before it becomes accessible via sysfs */ ubi_devices[ubi_num] = ubi; - err = uif_init(ubi, &ref); + err = uif_init(ubi); if (err) goto out_detach; @@ -1045,8 +999,6 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num, out_debugfs: ubi_debugfs_exit_dev(ubi); out_uif: - get_device(&ubi->dev); - ubi_assert(ref); uif_close(ubi); out_detach: ubi_devices[ubi_num] = NULL; @@ -1056,10 +1008,7 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num, out_free: vfree(ubi->peb_buf); vfree(ubi->fm_buf); - if (ref) - put_device(&ubi->dev); - else - kfree(ubi); + put_device(&ubi->dev); return err; } @@ -1120,12 +1069,6 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway) if (ubi->bgt_thread) kthread_stop(ubi->bgt_thread); - /* - * Get a reference to the device in order to prevent 'dev_release()' - * from freeing the @ubi object. - */ - get_device(&ubi->dev); - ubi_debugfs_exit_dev(ubi); uif_close(ubi); diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c index 7ac78c1..85237cf 100644 --- a/drivers/mtd/ubi/vmt.c +++ b/drivers/mtd/ubi/vmt.c @@ -155,11 +155,10 @@ static void vol_release(struct device *dev) */ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req) { - int i, err, vol_id = req->vol_id, do_free = 1; + int i, err, vol_id = req->vol_id; struct ubi_volume *vol; struct ubi_vtbl_record vtbl_rec; struct ubi_eba_table *eba_tbl = NULL; - dev_t dev; if (ubi->ro_mode) return -EROFS; @@ -168,6 +167,12 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req) if (!vol) return -ENOMEM; + device_initialize(&vol->dev); + vol->dev.release = vol_release; + vol->dev.parent = &ubi->dev; + vol->dev.class = &ubi_class; + vol->dev.groups = volume_dev_groups; + spin_lock(&ubi->volumes_lock); if (vol_id == UBI_VOL_NUM_AUTO) { /* Find unused volume ID */ @@ -268,24 +273,13 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req) /* Register character device for the volume */ cdev_init(&vol->cdev, &ubi_vol_cdev_operations); vol->cdev.owner = THIS_MODULE; - dev = MKDEV(MAJOR(ubi->cdev.dev), vol_id + 1); - err = cdev_add(&vol->cdev, dev, 1); - if (err) { - ubi_err(ubi, "cannot add character device"); - goto out_mapping; - } - - vol->dev.release = vol_release; - vol->dev.parent = &ubi->dev; - vol->dev.devt = dev; - vol->dev.class = &ubi_class; - vol->dev.groups = volume_dev_groups; + vol->dev.devt = MKDEV(MAJOR(ubi->cdev.dev), vol_id + 1); dev_set_name(&vol->dev, "%s_%d", ubi->ubi_name, vol->vol_id); - err = device_register(&vol->dev); + err = cdev_device_add(&vol->cdev, &vol->dev); if (err) { - ubi_err(ubi, "cannot register device"); - goto out_cdev; + ubi_err(ubi, "cannot add device"); + goto out_mapping; } /* Fill volume table record */ @@ -318,28 +312,17 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req) * We have registered our device, we should not free the volume * description object in this function in case of an error - it is * freed by the release function. - * - * Get device reference to prevent the release function from being - * called just after sysfs has been closed. */ - do_free = 0; - get_device(&vol->dev); - device_unregister(&vol->dev); -out_cdev: - cdev_del(&vol->cdev); + cdev_device_del(&vol->cdev, &vol->dev); out_mapping: - if (do_free) - ubi_eba_destroy_table(eba_tbl); + ubi_eba_destroy_table(eba_tbl); out_acc: spin_lock(&ubi->volumes_lock); ubi->rsvd_pebs -= vol->reserved_pebs; ubi->avail_pebs += vol->reserved_pebs; out_unlock: spin_unlock(&ubi->volumes_lock); - if (do_free) - kfree(vol); - else - put_device(&vol->dev); + put_device(&vol->dev); ubi_err(ubi, "cannot create volume %d, error %d", vol_id, err); return err; } @@ -391,8 +374,8 @@ int ubi_remove_volume(struct ubi_volume_desc *desc, int no_vtbl) goto out_err; } - cdev_del(&vol->cdev); - device_unregister(&vol->dev); + cdev_device_del(&vol->cdev, &vol->dev); + put_device(&vol->dev); spin_lock(&ubi->volumes_lock); ubi->rsvd_pebs -= reserved_pebs;