linux-stable/drivers/virtio
Wolfram Sang af5818c351 virtio-mmio: don't break lifecycle of vm_dev
[ Upstream commit 55c91fedd0 ]

vm_dev has a separate lifecycle because it has a 'struct device'
embedded. Thus, having a release callback for it is correct.

Allocating the vm_dev struct with devres totally breaks this protection,
though. Instead of waiting for the vm_dev release callback, the memory
is freed when the platform_device is removed, resulting in a
use-after-free when the callback is finally to be called.

To easily see the problem, compile the kernel with
CONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.

The fix is easy: don't use devres in this case.

Found during my research about object lifetime problems.

Fixes: 7eb781b1bb ("virtio_mmio: add cleanup for virtio_mmio_probe")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Message-Id: <20230629120526.7184-1-wsa+renesas@sang-engineering.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-08-23 17:52:29 +02:00
Kconfig virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
Makefile virtio: replace restricted mem access flag with callback 2022-08-01 07:42:49 +02:00
virtio.c virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
virtio_anchor.c virtio: replace restricted mem access flag with callback 2022-08-01 07:42:49 +02:00
virtio_balloon.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
virtio_dma_buf.c
virtio_input.c
virtio_mem.c mm: use is_zone_movable_page() helper 2022-07-29 18:07:20 -07:00
virtio_mmio.c virtio-mmio: don't break lifecycle of vm_dev 2023-08-23 17:52:29 +02:00
virtio_pci_common.c virtio_pci: use irq to detect interrupt support 2022-10-13 09:33:03 -04:00
virtio_pci_common.h virtio: Revert "virtio: find_vqs() add arg sizes" 2022-08-16 01:40:24 -04:00
virtio_pci_legacy.c virtio_pci: Revert "virtio_pci: support the arg sizes of find_vqs()" 2022-08-16 01:38:29 -04:00
virtio_pci_legacy_dev.c
virtio_pci_modern.c virtio_pci: modify ENOENT to EINVAL 2023-01-24 07:24:31 +01:00
virtio_pci_modern_dev.c virtio_pci: introduce helper to get/set queue reset 2022-08-11 04:06:40 -04:00
virtio_ring.c virtio_ring: don't update event idx on get_buf 2023-05-11 23:03:31 +09:00
virtio_vdpa.c virtio: Revert "virtio: find_vqs() add arg sizes" 2022-08-16 01:40:24 -04:00