iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55c91fedd0
linux/drivers/virtio
History
Wolfram Sang 55c91fedd0 virtio-mmio: don't break lifecycle of vm_dev 
vm_dev has a separate lifecycle because it has a 'struct device'
embedded. Thus, having a release callback for it is correct.

Allocating the vm_dev struct with devres totally breaks this protection,
though. Instead of waiting for the vm_dev release callback, the memory
is freed when the platform_device is removed. Resulting in a
use-after-free when finally the callback is to be called.

To easily see the problem, compile the kernel with
CONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.

The fix is easy, don't use devres in this case.

Found during my research about object lifetime problems.

Fixes: 7eb781b1bb ("virtio_mmio: add cleanup for virtio_mmio_probe")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Message-Id: <20230629120526.7184-1-wsa+renesas@sang-engineering.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-10 15:24:27 -04:00
..
Kconfig virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
Makefile virtio: replace restricted mem access flag with callback 2022-08-01 07:42:49 +02:00
virtio_anchor.c virtio: replace restricted mem access flag with callback 2022-08-01 07:42:49 +02:00
virtio_balloon.c mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
virtio_dma_buf.c dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
virtio_input.c virtio: wrap config->reset calls 2022-01-14 18:50:52 -05:00
virtio_mem.c mm, treewide: redefine MAX_ORDER sanely 2023-04-05 19:42:46 -07:00
virtio_mmio.c virtio-mmio: don't break lifecycle of vm_dev 2023-08-10 15:24:27 -04:00
virtio_pci_common.c virtio_pci: use irq to detect interrupt support 2022-10-13 09:33:03 -04:00
virtio_pci_common.h virtio_pci: Optimize virtio_pci_device structure size 2023-06-27 10:47:08 -04:00
virtio_pci_legacy_dev.c virtio/virtio_pci_legacy_dev: ensure the correct return value 2022-01-14 18:50:53 -05:00
virtio_pci_legacy.c virtio_pci: Revert "virtio_pci: support the arg sizes of find_vqs()" 2022-08-16 01:38:29 -04:00
virtio_pci_modern_dev.c virtio: allow caller to override device DMA mask in vp_modern 2023-06-27 10:47:08 -04:00
virtio_pci_modern.c virtio: add VIRTIO_F_NOTIFICATION_DATA feature support 2023-04-21 03:02:35 -04:00
virtio_ring.c virtio: add VIRTIO_F_NOTIFICATION_DATA feature support 2023-04-21 03:02:35 -04:00
virtio_vdpa.c virtio-vdpa: Fix unchecked call to NULL set_vq_affinity 2023-06-27 10:47:08 -04:00
virtio.c driver core: make struct bus_type.uevent() take a const * 2023-01-27 13:45:52 +01:00