Message-ID: <771902199.32600.1701116758852.JavaMail.zimbra@nod.at>
Date:   Mon, 27 Nov 2023 21:25:58 +0100 (CET)
From:   Richard Weinberger <richard@....at>
To:     Daniel Golle <daniel@...rotopia.org>
Cc:     Miquel Raynal <miquel.raynal@...tlin.com>,
        Vignesh Raghavendra <vigneshr@...com>,
        Artem Bityutskiy <Artem.Bityutskiy@...ia.com>,
        linux-mtd <linux-mtd@...ts.infradead.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        John Crispin <john@...ozen.org>
Subject: Re: [PATCH] ubi: don't decrease ubi->ref_count on detach error

----- Original Message -----
> From: "Daniel Golle" <daniel@...rotopia.org>
> To: "richard" <richard@....at>, "Miquel Raynal" <miquel.raynal@...tlin.com>, "Vignesh Raghavendra" <vigneshr@...com>,
> "Artem Bityutskiy" <Artem.Bityutskiy@...ia.com>, "linux-mtd" <linux-mtd@...ts.infradead.org>, "linux-kernel"
> <linux-kernel@...r.kernel.org>
> CC: "John Crispin" <john@...ozen.org>
> Sent: Monday, 27 November 2023 18:09:14
> Subject: [PATCH] ubi: don't decrease ubi->ref_count on detach error

> If attempting to detach a UBI device while it is still busy, detaching
> is refused. However, the reference counter is still being decreased
> despite the error. Rework detach function to only decrease the refcnt
> once all conditions for detachment are met.
> 
> Fixes: cdfa788acd13 ("UBI: prepare attach and detach functions")
> Signed-off-by: Daniel Golle <daniel@...rotopia.org>

Good catch! Did you find this by review or while testing?

> ---
> drivers/mtd/ubi/build.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
> index 7d4ff1193db6f..f47987ee9a31b 100644
> --- a/drivers/mtd/ubi/build.c
> +++ b/drivers/mtd/ubi/build.c
> @@ -1099,16 +1099,16 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway)
> 
> 	spin_lock(&ubi_devices_lock);
> 	put_device(&ubi->dev);
> -	ubi->ref_count -= 1;
> -	if (ubi->ref_count) {
> +	if (ubi->ref_count > 1) {

Is there a specific reason why you have modified the check to test only
for ref_count being positive?
If ref_count turns negative, due to a bug, we could still stop it here.

> 		if (!anyway) {
> 			spin_unlock(&ubi_devices_lock);
> 			return -EBUSY;
> 		}
> 		/* This may only happen if there is a bug */
> 		ubi_err(ubi, "%s reference count %d, destroy anyway",
> -			ubi->ubi_name, ubi->ref_count);
> +			ubi->ubi_name, ubi->ref_count - 1);
> 	}
> +	ubi->ref_count -= 1;
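
Review bot: put_device(&ubi->dev) at the top of this hunk still runs before the new `if (ubi->ref_count > 1)` check, so on the `return -EBUSY` path the device reference is dropped while ubi->ref_count is now left unchanged. If the two are meant to be released together, move the put_device() call down next to the relocated `ubi->ref_count -= 1;`; otherwise the commit message should say why the -EBUSY path releases one and keeps the other.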

Please add there an ubi_assert() which tests whether ref_count is really zero.
...just to be more bullet proof.

Thanks,
//richard
