From: Dan Williams <dan.j.williams@intel.com>
To: nvdimm@lists.linux.dev
Cc: Yongqiang Liu <liuyongqiang13@huawei.com>,
Paul Cassella <cassella@hpe.com>, Ira Weiny <ira.weiny@intel.com>,
linux-cxl@vger.kernel.org
Subject: [PATCH 0/4] dax: Fix use after free and other cleanups
Date: Fri, 02 Jun 2023 23:13:48 -0700 [thread overview]
Message-ID: <168577282846.1672036.13848242151310480001.stgit@dwillia2-xfh.jf.intel.com> (raw)
As mentioned in patch3, the reference counting of dax_region objects is
needlessly complicated, has lead to confusion [1], and has hidden a bug
[2]. While testing the cleanup for those issues, a
CONFIG_DEBUG_KOBJECT_RELEASE test run uncovered a use-after-free in
dax_mapping_release(). Clean all of that up.
Thanks to Yongqiang, Paul, and Ira for their analysis.
[1]: http://lore.kernel.org/r/20221203095858.612027-1-liuyongqiang13@huawei.com
[2]: http://lore.kernel.org/r/3cf0890b-4eb0-e70e-cd9c-2ecc3d496263@hpe.com
---
Dan Williams (4):
dax: Fix dax_mapping_release() use after free
dax: Use device_unregister() in unregister_dax_mapping()
dax: Introduce alloc_dev_dax_id()
dax: Cleanup extra dax_region references
drivers/dax/bus.c | 64 +++++++++++++++++++++++++++------------------
drivers/dax/bus.h | 1 -
drivers/dax/cxl.c | 8 +-----
drivers/dax/dax-private.h | 4 ++-
drivers/dax/hmem/hmem.c | 8 +-----
drivers/dax/pmem.c | 7 +----
6 files changed, 44 insertions(+), 48 deletions(-)
base-commit: ac2263b588dffd3a1efd7ed0b156ea6c5aea200d
next reply other threads:[~2023-06-03 6:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-03 6:13 Dan Williams [this message]
2023-06-03 6:13 ` [PATCH 1/4] dax: Fix dax_mapping_release() use after free Dan Williams
2023-06-04 2:40 ` Ira Weiny
[not found] ` <CGME20230605204543uscas1p19d1b3a00134805c5c3e738dea4ee4728@uscas1p1.samsung.com>
2023-06-05 20:45 ` Fan Ni
2023-06-15 17:33 ` Dave Jiang
2023-06-03 6:13 ` [PATCH 2/4] dax: Use device_unregister() in unregister_dax_mapping() Dan Williams
2023-06-04 2:41 ` Ira Weiny
[not found] ` <CGME20230605204615uscas1p1931142de4b55be03c99f513b51dcb2fc@uscas1p1.samsung.com>
2023-06-05 20:46 ` Fan Ni
2023-06-15 17:34 ` Dave Jiang
2023-06-03 6:14 ` [PATCH 3/4] dax: Introduce alloc_dev_dax_id() Dan Williams
2023-06-04 2:57 ` Ira Weiny
2023-06-16 1:22 ` Dan Williams
2023-06-16 22:11 ` Ira Weiny
2023-06-03 6:14 ` [PATCH 4/4] dax: Cleanup extra dax_region references Dan Williams
2023-06-04 2:58 ` Ira Weiny
2023-06-06 17:46 ` Fan Ni
2023-06-06 20:42 ` Ira Weiny
2023-06-15 17:45 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=168577282846.1672036.13848242151310480001.stgit@dwillia2-xfh.jf.intel.com \
--to=dan.j.williams@intel.com \
--cc=cassella@hpe.com \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=liuyongqiang13@huawei.com \
--cc=nvdimm@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).