Crash after failed UBIFS mount

Sascha Hauer s.hauer at pengutronix.de
Wed Mar 2 02:00:34 PST 2016 

Hi Martin,

On Wed, Mar 02, 2016 at 10:24:43AM +0100, Dr.-Ing. Martin Däumler SYS TEC electronic GmbH wrote:
> Hello,
> 
> we encountered a problem of barebox tag 2015.05.0, which is also
> reproducible with tag 2016.01.0. Mounting an UBIFS file system partition
> fails (correctly) and barebox crashes while cleaning up. The call hierarchy
> is
> as follows:
> 
> -mount() (fs/fs.c:1243): try to mount ubifs partition; call
> register_device()
> --register_device() (drivers/base/driver.c:138):
> ---match() (drivers/base/driver.c:117): look for a suitable device driver
> ----device_probe() (drivers/base/driver.c:82): ubifs partition fails to
> mount due to corrupted LEB
> ----device_probe(): delete device's 'active' list ('list_del(&dev->active)')
> ---match(): set device driver to NULL and return -1 to register_device()
> --register_device(): return 0 (success) to mount()
> -mount(): check device driver and call unregister_device() due to invalid
> driver
> --unregister_device() (drivers/base/driver.c:180): delete device's 'active'
> list the second time -> crash
> 
> Barebox does not crash if drivers/base/driver.c:92, i.e., list deletion in
> device_probe(), is removed. Is the removal of the list deletion a valid
> solution or does this have side effects?

This should be fixed with the following patch which currently sits in
the master branch.

Sascha

-----------------------8<-------------------------------------

>From 46bb3a4d8490b318fbcfac7b69c217cec05d7a8f Mon Sep 17 00:00:00 2001
From: Sascha Hauer <s.hauer at pengutronix.de>
Date: Mon, 8 Feb 2016 11:31:00 +0100
Subject: [PATCH] driver: Fix unregister device after device probe failure

When a device probe fails the device is removed from the active list.
If then the device is unregistered afterwards it is removed from the
active list again resulting in a crash. To fix this initialize the
devices active list entry when removing it from the active list.

Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
 drivers/base/driver.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/base/driver.c b/drivers/base/driver.c
index a70fbb2..c529296 100644
--- a/drivers/base/driver.c
+++ b/drivers/base/driver.c
@@ -101,6 +101,8 @@ int device_probe(struct device_d *dev)
 	}
 
 	list_del(&dev->active);
+	INIT_LIST_HEAD(&dev->active);
+
 	dev_err(dev, "probe failed: %s\n", strerror(-ret));
 
 	return ret;
@@ -258,6 +260,8 @@ static int device_probe_deferred(void)
 
 		list_for_each_entry_safe(dev, tmp, &deferred, active) {
 			list_del(&dev->active);
+			INIT_LIST_HEAD(&dev->active);
+
 			dev_dbg(dev, "re-probe device\n");
 			bus_for_each_driver(dev->bus, drv) {
 				if (match(drv, dev))
-- 
2.7.0

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

More information about the barebox mailing list