Re: [PATCH] ubi: don't decrease ubi->ref_count on detach error

From: Daniel Golle
Date: Mon Nov 27 2023 - 17:07:05 EST

Next message: Arnaldo Carvalho de Melo: "Re: [PATCH 32/52] perf dwarf-aux: Add die_find_variable_by_addr()"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH] perf tools: Add --debug-file option to redirect debug output"
In reply to: Richard Weinberger: "Re: [PATCH] ubi: don't decrease ubi->ref_count on detach error"
Next in thread: Daniel Golle: "[PATCH v2] ubi: don't decrease ubi->ref_count on detach error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Richard,

On Mon, Nov 27, 2023 at 09:25:58PM +0100, Richard Weinberger wrote:
> > If attempting to detach a UBI device while it is still busy, detaching
> > is refused. However, the reference counter is still being decreased
> > despite the error. Rework detach function to only decrease the refcnt
> > once all conditions for detachment are met.
> >
> > Fixes: cdfa788acd13 ("UBI: prepare attach and detach functions")
> > Signed-off-by: Daniel Golle <daniel@xxxxxxxxxxxxxx>
>
> Good catch! Did you find this by review or while testing?

I was working on simplifying the NVMEM-on-UBI code which includes
attaching UBI via MTD notifiers. You and others had rightously
criticized the sketchy situation of the 'remove' handler which has now
lead me to rework that part of my patches, which made me end up looking
at the ref_count logic and error path at some point it popped into my
eyes that this can't be right.

>
> > ---
> > drivers/mtd/ubi/build.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
> > index 7d4ff1193db6f..f47987ee9a31b 100644
> > --- a/drivers/mtd/ubi/build.c
> > +++ b/drivers/mtd/ubi/build.c
> > @@ -1099,16 +1099,16 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway)
> >
> > spin_lock(&ubi_devices_lock);
> > put_device(&ubi->dev);
> > - ubi->ref_count -= 1;
> > - if (ubi->ref_count) {
> > + if (ubi->ref_count > 1) {
>
> Is there a specific reason why you have modified the check to test only
> for ref_count being positive?

My idea was to really change only what I meant to change and make
that change the least intrusive possible.

> If rec_counts turns negative, due to a bug, we could still stop it here.

... here and in every other pleace where we touch it?
Adding new sanity checks to the code probably doesn't hurt but goes
beyond the scope of fixing this very bug, so I'll only do it there for
now.

>
> > if (!anyway) {
> > spin_unlock(&ubi_devices_lock);
> > return -EBUSY;
> > }
> > /* This may only happen if there is a bug */
> > ubi_err(ubi, "%s reference count %d, destroy anyway",
> > - ubi->ubi_name, ubi->ref_count);
> > + ubi->ubi_name, ubi->ref_count - 1);
> > }
> > + ubi->ref_count -= 1;
>
> Please add there an ubi_asert() which tests whether ref_count is really zero.
> ...just to be more bullet proof.

That makes sense, now that it became clear that ref_count wasn't
trustable for more than a decade, let's better make sure it is now.

Next message: Arnaldo Carvalho de Melo: "Re: [PATCH 32/52] perf dwarf-aux: Add die_find_variable_by_addr()"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH] perf tools: Add --debug-file option to redirect debug output"
In reply to: Richard Weinberger: "Re: [PATCH] ubi: don't decrease ubi->ref_count on detach error"
Next in thread: Daniel Golle: "[PATCH v2] ubi: don't decrease ubi->ref_count on detach error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]