[0/4] dax: Fix use after free and other cleanups

Message

Dan Williams June 3, 2023, 6:13 a.m. UTC

As mentioned in patch3, the reference counting of dax_region objects is
needlessly complicated, has lead to confusion [1], and has hidden a bug
[2]. While testing the cleanup for those issues, a
CONFIG_DEBUG_KOBJECT_RELEASE test run uncovered a use-after-free in
dax_mapping_release(). Clean all of that up.

Thanks to Yongqiang, Paul, and Ira for their analysis.

[1]: http://lore.kernel.org/r/20221203095858.612027-1-liuyongqiang13@huawei.com
[2]: http://lore.kernel.org/r/3cf0890b-4eb0-e70e-cd9c-2ecc3d496263@hpe.com

---

Dan Williams (4):
      dax: Fix dax_mapping_release() use after free
      dax: Use device_unregister() in unregister_dax_mapping()
      dax: Introduce alloc_dev_dax_id()
      dax: Cleanup extra dax_region references


 drivers/dax/bus.c         |   64 +++++++++++++++++++++++++++------------------
 drivers/dax/bus.h         |    1 -
 drivers/dax/cxl.c         |    8 +-----
 drivers/dax/dax-private.h |    4 ++-
 drivers/dax/hmem/hmem.c   |    8 +-----
 drivers/dax/pmem.c        |    7 +----
 6 files changed, 44 insertions(+), 48 deletions(-)

base-commit: ac2263b588dffd3a1efd7ed0b156ea6c5aea200d