From: Logan Gunthorpe <logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
To: Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Dan Williams
<dan.j.williams-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Alexander Viro
<viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
Johannes Thumshirn <jthumshirn-l3A5Bk7waGM@public.gmane.org>,
Jan Kara <jack-AlSwsSmVLrQ@public.gmane.org>,
Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>,
Sajjan Vikas C <vikas.cha.sajjan-ZPxbGqLxI0U@public.gmane.org>,
Dmitry Torokhov
<dmitry.torokhov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Linus Walleij
<linus.walleij-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
Alexandre Courbot
<gnurou-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Peter Huewe <peterhuewe-Mmb7MZpHnFY@public.gmane.org>,
Marcel Selhorst <tpmdd-yWjUBOtONefk1uMJSBkQmQ@public.gmane.org>,
Jarkko Sakkinen
<jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>,
Jason Gunthorpe
<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>,
Olof Johansson <olof-nZhT3qVonbNeoWH0uzbU5w@public.gmane.org>,
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Sean Hefty <sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Hal Rosenstock
<hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Dmitry Vyukov <dvyukov-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Haggai Eran <haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Parav Pandit
<pandit.parav-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Hartmut Knaack <k
Cc: linux-scsi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
rtc-linux-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org,
linux-gpio-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-iio-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-pci-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-nvdimm-hn68Rpc1hR1g9hUCZPvPmw@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-mtd-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-input-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-media-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [PATCH v2 08/16] IB/ucm: utilize new cdev_device_add helper function
Date: Sat, 25 Feb 2017 23:38:09 -0700 [thread overview]
Message-ID: <1488091097-12328-9-git-send-email-logang@deltatee.com> (raw)
In-Reply-To: <1488091097-12328-1-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
The use after free is not triggerable here because the cdev holds
the module lock and the only device_unregister is only triggered by
module unload, however make the change for consistency.
To make this work the cdev_del needs to move out of the struct device
release function.
This cleans up the error path significantly and thus also fixes a minor
bug where the devnum would not be released if cdev_add failed.
Signed-off-by: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
Signed-off-by: Logan Gunthorpe <logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
Reviewed-by: Logan Gunthorpe <logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
---
drivers/infiniband/core/ucm.c | 36 +++++++++++++++++++-----------------
1 file changed, 19 insertions(+), 17 deletions(-)
diff --git a/drivers/infiniband/core/ucm.c b/drivers/infiniband/core/ucm.c
index e0a995b..c348701 100644
--- a/drivers/infiniband/core/ucm.c
+++ b/drivers/infiniband/core/ucm.c
@@ -1205,12 +1205,15 @@ static void ib_ucm_release_dev(struct device *dev)
struct ib_ucm_device *ucm_dev;
ucm_dev = container_of(dev, struct ib_ucm_device, dev);
- cdev_del(&ucm_dev->cdev);
+ kfree(ucm_dev);
+}
+
+static void ib_ucm_free_dev(struct ib_ucm_device *ucm_dev)
+{
if (ucm_dev->devnum < IB_UCM_MAX_DEVICES)
clear_bit(ucm_dev->devnum, dev_map);
else
clear_bit(ucm_dev->devnum - IB_UCM_MAX_DEVICES, overflow_map);
- kfree(ucm_dev);
}
static const struct file_operations ucm_fops = {
@@ -1266,7 +1269,9 @@ static void ib_ucm_add_one(struct ib_device *device)
if (!ucm_dev)
return;
+ device_initialize(&ucm_dev->dev);
ucm_dev->ib_dev = device;
+ ucm_dev->dev.release = ib_ucm_release_dev;
devnum = find_first_zero_bit(dev_map, IB_UCM_MAX_DEVICES);
if (devnum >= IB_UCM_MAX_DEVICES) {
@@ -1283,19 +1288,18 @@ static void ib_ucm_add_one(struct ib_device *device)
set_bit(devnum, dev_map);
}
+
cdev_init(&ucm_dev->cdev, &ucm_fops);
ucm_dev->cdev.owner = THIS_MODULE;
kobject_set_name(&ucm_dev->cdev.kobj, "ucm%d", ucm_dev->devnum);
- if (cdev_add(&ucm_dev->cdev, base, 1))
- goto err;
ucm_dev->dev.class = &cm_class;
ucm_dev->dev.parent = device->dma_device;
- ucm_dev->dev.devt = ucm_dev->cdev.dev;
- ucm_dev->dev.release = ib_ucm_release_dev;
+ ucm_dev->dev.devt = base;
+
dev_set_name(&ucm_dev->dev, "ucm%d", ucm_dev->devnum);
- if (device_register(&ucm_dev->dev))
- goto err_cdev;
+ if (cdev_device_add(&ucm_dev->cdev, &ucm_dev->dev))
+ goto err_devnum;
if (device_create_file(&ucm_dev->dev, &dev_attr_ibdev))
goto err_dev;
@@ -1304,15 +1308,11 @@ static void ib_ucm_add_one(struct ib_device *device)
return;
err_dev:
- device_unregister(&ucm_dev->dev);
-err_cdev:
- cdev_del(&ucm_dev->cdev);
- if (ucm_dev->devnum < IB_UCM_MAX_DEVICES)
- clear_bit(devnum, dev_map);
- else
- clear_bit(devnum, overflow_map);
+ cdev_device_del(&ucm_dev->cdev, &ucm_dev->dev);
+err_devnum:
+ ib_ucm_free_dev(ucm_dev);
err:
- kfree(ucm_dev);
+ put_device(&ucm_dev->dev);
return;
}
@@ -1323,7 +1323,9 @@ static void ib_ucm_remove_one(struct ib_device *device, void *client_data)
if (!ucm_dev)
return;
- device_unregister(&ucm_dev->dev);
+ cdev_device_del(&ucm_dev->cdev, &ucm_dev->dev);
+ ib_ucm_free_dev(ucm_dev);
+ put_device(&ucm_dev->dev);
}
static CLASS_ATTR_STRING(abi_version, S_IRUGO,
--
2.1.4
next prev parent reply other threads:[~2017-02-26 6:38 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-26 6:38 [PATCH v2 00/16] Cleanup chardev instances with helper function Logan Gunthorpe
[not found] ` <1488091097-12328-1-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-26 6:38 ` [PATCH v2 01/16] chardev: add helper function to register char devs with a struct device Logan Gunthorpe
[not found] ` <1488091097-12328-2-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-26 18:21 ` Dan Williams
[not found] ` <CAPcyv4i91_esBtBxbnDH3ZDd8Mnz4HoJEW2yeEvQ4QikFBjapA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-27 16:56 ` Jason Gunthorpe
[not found] ` <20170227165618.GE5891-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-02-28 3:27 ` Logan Gunthorpe
[not found] ` <7df6e57b-531c-1b23-05bf-c368df2d20f3-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-28 3:36 ` Dan Williams
[not found] ` <CAPcyv4jiPE1jK9ubbsAm_ZNMt=S106NCpXD4KPUWpcK9_GEDJA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-28 5:31 ` Greg Kroah-Hartman
2017-02-27 9:01 ` Hans Verkuil
2017-02-27 9:47 ` Alexandre Belloni
2017-02-26 6:38 ` [PATCH v2 02/16] device-dax: fix cdev leak Logan Gunthorpe
[not found] ` <1488091097-12328-3-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-26 18:22 ` Dan Williams
2017-02-26 6:38 ` [PATCH v2 03/16] device-dax: utilize new cdev_device_add helper function Logan Gunthorpe
[not found] ` <1488091097-12328-4-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-26 22:31 ` Dan Williams
2017-02-26 6:38 ` [PATCH v2 04/16] input: " Logan Gunthorpe
[not found] ` <1488091097-12328-5-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-28 18:27 ` Dmitry Torokhov
2017-02-26 6:38 ` [PATCH v2 05/16] gpiolib: " Logan Gunthorpe
2017-02-26 6:38 ` [PATCH v2 06/16] tpm-chip: " Logan Gunthorpe
[not found] ` <1488091097-12328-7-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-27 16:42 ` Jason Gunthorpe
2017-02-26 6:38 ` [PATCH v2 07/16] platform/chrome: cros_ec_dev - " Logan Gunthorpe
2017-02-26 6:38 ` Logan Gunthorpe [this message]
2017-02-26 6:38 ` [PATCH v2 09/16] infiniband: utilize the new cdev_set_parent function Logan Gunthorpe
2017-02-26 6:38 ` [PATCH v2 10/16] iio:core: utilize new cdev_device_add helper function Logan Gunthorpe
2017-02-26 6:38 ` [PATCH v2 11/16] media: " Logan Gunthorpe
[not found] ` <1488091097-12328-12-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-27 9:02 ` Hans Verkuil
[not found] ` <8eff8408-1681-a59d-3b61-8fd5dab73af1-FYB4Gu1CFyUAvxtiuMwx3w@public.gmane.org>
2017-03-04 22:57 ` Logan Gunthorpe
2017-02-26 6:38 ` [PATCH v2 12/16] mtd: " Logan Gunthorpe
2017-02-26 6:38 ` [PATCH v2 13/16] rapidio: " Logan Gunthorpe
2017-02-26 6:38 ` [PATCH v2 14/16] rtc: " Logan Gunthorpe
[not found] ` <1488091097-12328-15-git-send-email-logang-OTvnGxWRz7hWk0Htik3J/w@public.gmane.org>
2017-02-27 9:46 ` Alexandre Belloni
2017-02-26 6:38 ` [PATCH v2 15/16] scsi: " Logan Gunthorpe
2017-02-26 6:38 ` [PATCH v2 16/16] switchtec: utilize new device_add_cdev " Logan Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1488091097-12328-9-git-send-email-logang@deltatee.com \
--to=logang-otvngxwrz7hwk0htik3j/w@public.gmane.org \
--cc=arnd-r2nGTMty4D4@public.gmane.org \
--cc=dan.j.williams-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=dmitry.torokhov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=dvyukov-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=gnurou-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=jack-AlSwsSmVLrQ@public.gmane.org \
--cc=jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
--cc=jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org \
--cc=jthumshirn-l3A5Bk7waGM@public.gmane.org \
--cc=leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=linus.walleij-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-gpio-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-iio-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-input-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-media-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-mtd-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org \
--cc=linux-nvdimm-hn68Rpc1hR1g9hUCZPvPmw@public.gmane.org \
--cc=linux-pci-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-scsi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=olof-nZhT3qVonbNeoWH0uzbU5w@public.gmane.org \
--cc=pandit.parav-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=peterhuewe-Mmb7MZpHnFY@public.gmane.org \
--cc=rtc-linux-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=tpmdd-yWjUBOtONefk1uMJSBkQmQ@public.gmane.org \
--cc=vikas.cha.sajjan-ZPxbGqLxI0U@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).