Re: [PATCH] device-dax: fix cdev leak

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 23, 2017 at 12:20 PM, Jason Gunthorpe
<jgunthorpe@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Feb 23, 2017 at 11:22:03AM -0800, Dan Williams wrote:
>> If device_add() fails, cleanup the cdev. Otherwise, we leak a kobj_map()
>> with a stale device number.
>>
>> Fixes: ba09c01d2fa8 ("dax: convert to the cdev api")
>> Cc: <stable@xxxxxxxxxxxxxxx>
>> Cc: Logan Gunthorpe <logang@xxxxxxxxxxxx>
>> Reported-by: Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx>
>> Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
>>  drivers/dax/dax.c |    1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/dax/dax.c b/drivers/dax/dax.c
>> index ed758b74ddf0..0f8008dd0b0c 100644
>> +++ b/drivers/dax/dax.c
>> @@ -724,6 +724,7 @@ struct dax_dev *devm_create_dax_dev(struct dax_region *dax_region,
>>       dev_set_name(dev, "dax%d.%d", dax_region->id, dax_dev->id);
>>       rc = device_add(dev);
>>       if (rc) {
>> +             cdev_del(&dax_dev->cdev);
>
> This probably should call into unregister_dax_dev and just skip the
> device_unregister part.
>
> Once cdev_add returns it is possible for a mmap to have been created,
> so cleanup after that point has to go through all the other
> unregister_dax_dev steps.

Ah true. I was thinking the device node is not auto-created if the
device_add() fails, but there's theoretically nothing stopping
userspace from trying to hit this race with its own self-created
device-node.



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]