From: Boris Brezillon <boris.brezillon-wi1+55ScJUtKEb57/3fJTNBPR1lH4CV8@public.gmane.org>
To: Brian Norris <computersforpeace-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
linux-mtd-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Jonathan Corbet <corbet-T1hC0tSOHrs@public.gmane.org>,
linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Hartley Sweeten
<hsweeten-3FF4nKcrg1dE2c76skzGb0EOCMrvLtNR@public.gmane.org>,
Ryan Mallon <rmallon-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Shawn Guo <shawnguo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Sascha Hauer <kernel-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>,
Imre Kaloz <kaloz-p3rKhJxN3npAfugRpC6u6w@public.gmane.org>,
Krzysztof Halasa <khalasa-NlWvg49iv0c@public.gmane.org>,
Tony Lindgren <tony-4v6yS6AI5VpBDgjK7y7TUQ@public.gmane.org>,
linux-omap-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Alexander Clouter <alex-L4GPcECwBoDe9xe1eoZjHA@public.gmane.org>,
Thomas Petazzoni
<thomas.petazzoni-wi1+55ScJUtKEb57/3fJTNBPR1lH4CV8@public.gmane.org>,
Gregory CLEMENT
<gregory.clement-wi1+55ScJUtKEb57/3fJTNBPR1lH4CV8@public.gmane.org>,
Jason Cooper <jason-NLaQJdtUoK4Be96aLqz0jA@public.gmane.org>,
Sebastian Hesselbarth
<sebastian.hesselbarth-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Andrew Lunn <andrew-g2DYL2Zd6BY@public.gmane.org>,
Daniel Mack <daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>,
Haojian Zhuang
<haojian.zhuang-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Robert Jarzmik <robert.jarzmik-GANU6spQydw@public.gmane.org>,
Marek
Subject: Re: [PATCH v4 01/58] mtd: nand: denali: add missing nand_release() call in denali_remove()
Date: Fri, 11 Dec 2015 23:03:05 +0100
Message-ID: <20151211230305.506e2071@bbrezillon>
In-Reply-To: <20151211004008.GQ144338-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>

Hi Brian,

On Thu, 10 Dec 2015 16:40:08 -0800
Brian Norris <computersforpeace-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Thu, Dec 10, 2015 at 08:59:45AM +0100, Boris Brezillon wrote:
> > Unregister the NAND device from the NAND subsystem when removing a denali
> > NAND controller, otherwise the MTD attached to the NAND device is still
> > exposed by the MTD layer, and accesses to this device will likely crash
> > the system.
> >
> > Signed-off-by: Boris Brezillon <boris.brezillon-wi1+55ScJUtKEb57/3fJTNBPR1lH4CV8@public.gmane.org>
> > Cc: <stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> #3.8+
>
> Does this follow these rules, from
> Documentation/stable_kernel_rules.txt?
>
> - It must be obviously correct and tested.
>
> - It must fix a real bug that bothers people (not a, "This could be a
> problem..." type thing).

Sorry to bring the "stable or not stable (that is the question :-))"
debate back, but after thinking a bit more about the implications of
this missing nand_release() call, I think it is worth backporting the
fix to all stable kernels.

The reason is, it can potentially introduce a security hole, because if
the mtd device is not unregistered but the underlying mtd object is freed
and the kernel reuses the same memory region for a different object,
the MTD layer will possibly call one of the mtd->_method() functions,
and this field might point to another completely different function.

You'll say that denali devices are probably never removed and this is
the reason why people have never seen this problem before, which would
be a good reason to not bother backporting the patch.

But, given that the driver can be compiled as a module (the user can
possibly load/unload it, which will in turn create/destroy the
NAND/MTD device), and that the denali controller can be exposed through
a PCI bus (which, AFAIK is hotpluggable), I really think this fix
should be sent to stable.

Best Regards,

Boris

>
> > Fixes: 2a0a288ec258 ("mtd: denali: split the generic driver and PCI layer")
> > ---
> > drivers/mtd/nand/denali.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c
> > index 67eb2be..8feece3 100644
> > --- a/drivers/mtd/nand/denali.c
> > +++ b/drivers/mtd/nand/denali.c
> > @@ -1622,6 +1622,7 @@ EXPORT_SYMBOL(denali_init);
> > /* driver exit point */
> > void denali_remove(struct denali_nand_info *denali)
> > {
> > + nand_release(&denali->mtd);
> > denali_irq_cleanup(denali->irq, denali);
> > dma_unmap_single(denali->dev, denali->buf.dma_buf,
> > denali->mtd.writesize + denali->mtd.oobsize,
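Review bot: In denali_remove(), the length passed to dma_unmap_single() is still read from denali->mtd.writesize + denali->mtd.oobsize after the added nand_release(&denali->mtd) line, so the unmap size depends on fields of an MTD that has just been unregistered. Computing the size into a local (for example `int bufsize = denali->mtd.writesize + denali->mtd.oobsize;`) before nand_release() and passing that to dma_unmap_single() keeps the teardown independent of what nand_release() leaves in the structure. A short comment on why nand_release() has to come first in this function would also help anyone who reorders the teardown later.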
>
> It feels a bit odd to allow usage of MTD fields after it has been
> unregistered. Maybe precompute this before the nand_release()?
>
> Brian
--
Boris Brezillon, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
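
The lifetime problem described in the message above, modelled in user space as an added example; it is not part of the original mail or of the denali driver. The names struct dev, pool, registry, remove_before and remove_after are hypothetical stand-ins for the mtd object, the allocator, the MTD layer's device list and the two orderings of denali_remove().

```c
/* Constructed user-space model: a one-slot pool and a device registry. */
#include <stdio.h>

struct dev { int in_use; int (*read)(void); };  /* stands in for struct mtd_info */

static int nand_read(void)  { return 1; }  /* method the registry expects */
static int other_read(void) { return 2; }  /* method of an unrelated object */

static struct dev pool[1];      /* static storage: reuse is deterministic, no UB */
static struct dev *registry[1]; /* stands in for the MTD layer's device list */

static struct dev *pool_alloc(int (*read)(void))
{
	if (pool[0].in_use)
		return NULL;
	pool[0].in_use = 1;
	pool[0].read = read;
	return &pool[0];
}

static void pool_free(struct dev *d) { d->in_use = 0; }
static void dev_register(struct dev *d) { registry[0] = d; }
static void dev_unregister(struct dev *d) { if (registry[0] == d) registry[0] = NULL; }

/* Before the fix: memory is released while the registry still points at it. */
static void remove_before(struct dev *d) { pool_free(d); }

/* After the fix: unregister first (the role nand_release() plays), then free. */
static void remove_after(struct dev *d) { dev_unregister(d); pool_free(d); }

/* What a later call through the registry reaches; 0 means nothing registered. */
static int registry_read(void) { return registry[0] ? registry[0]->read() : 0; }

/* One probe/remove/reuse cycle; returns what the registry dispatches to. */
static int scenario(int fixed)
{
	registry[0] = NULL;
	pool[0].in_use = 0;
	struct dev *nand = pool_alloc(nand_read);
	dev_register(nand);
	if (fixed) remove_after(nand); else remove_before(nand);
	pool_alloc(other_read);  /* the allocator hands the slot to another owner */
	return registry_read();
}

int main(void)
{
	printf("before fix: %d, after fix: %d\n", scenario(0), scenario(1));
	return 0;
}
```

With the old ordering the registry dispatches to the unrelated object's method; with the unregister-first ordering nothing is left to dispatch to.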