On Wed, Jan 03, 2024 at 11:16:23AM +0100, Ahmad Fatoum wrote:
> blockdevice_unregister only calls devfs_remove on the root cdev and
> leaves the partition cdevs dangling. This doesn't break until the
> block device parent struct device is freed at which time, it will
> iterate over its cdevs to free them. If there's partitions there,
> list_del on the partitions triggers a use after free.
>
> This series fixes this by removing partitions whenever the master cdev
> is deleted.
>
> Code has been this way since for ever, but virtio deletes its devices on
> shutdown triggering this issue. As virtio isn't that critical, I think
> it's ok to not go into master right away and sit in next first.

Applied, thanks

Sascha

>
>  common/partitions.c    | 12 +++++++----
>  drivers/base/driver.c  |  2 +-
>  drivers/of/partition.c | 16 +++++++--------
>  fs/devfs-core.c        | 45 +++++++++++++++++++++++++++---------------
>  include/driver.h       | 12 +++++++----
>  lib/bootstrap/devfs.c  |  2 +-
>  6 files changed, 55 insertions(+), 34 deletions(-)
>
> --
> 2.39.2
>

--
Pengutronix e.K.                 |                             |
Steuerwalder Str. 21             | http://www.pengutronix.de/  |
31137 Hildesheim, Germany        | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-5555 |
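
The failure mode described in the quoted cover letter, as an added example that is not part of the original thread and is not barebox code: a simplified model in which every struct, function and field name is hypothetical. It counts the partition entries that a later teardown of the parent device would still find on its list, with and without removing partitions together with their master, and never dereferences freed memory itself.

```c
#include <stdio.h>

/* Simplified model, not barebox code: all names here are hypothetical. */
struct cdev {
    struct cdev *next;    /* link in the parent device's cdev list */
    struct cdev *master;  /* NULL for the root cdev, else the root cdev */
    int removed;          /* set once the cdev has been torn down */
};
struct device { struct cdev *cdevs; };

static void dev_add(struct device *d, struct cdev *c, struct cdev *master)
{
    c->master = master; c->removed = 0;
    c->next = d->cdevs; d->cdevs = c;
}

/* Unlink one cdev from the device's list and mark it torn down. */
static void cdev_remove(struct device *d, struct cdev *c)
{
    for (struct cdev **pp = &d->cdevs; *pp; pp = &(*pp)->next)
        if (*pp == c) { *pp = c->next; break; }
    c->removed = 1;
}

/* fixed == 0: only the root cdev is removed (behaviour before the series).
 * fixed == 1: partitions are removed whenever their master is removed. */
static void unregister(struct device *d, struct cdev *root, int fixed)
{
    struct cdev *c, *next;
    for (c = d->cdevs; fixed && c; c = next) {
        next = c->next;   /* saved first: cdev_remove() unlinks c */
        if (c->master == root) cdev_remove(d, c);
    }
    cdev_remove(d, root);
}

/* Entries a later device teardown would walk although their master is gone. */
static int dangling(const struct device *d)
{
    int n = 0;
    for (const struct cdev *c = d->cdevs; c; c = c->next)
        if (c->master && c->master->removed) n++;
    return n;
}

/* Constructed scenario: one root cdev with two partitions. */
static int scenario(int fixed)
{
    struct device d = { NULL }; struct cdev root, p1, p2;
    dev_add(&d, &root, NULL); dev_add(&d, &p1, &root); dev_add(&d, &p2, &root);
    unregister(&d, &root, fixed);
    return dangling(&d);
}
int main(void) { printf("%d %d\n", scenario(0), scenario(1)); return 0; }
```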