As mentioned in patch3, the reference counting of dax_region objects is needlessly complicated, has lead to confusion [1], and has hidden a bug [2]. While testing the cleanup for those issues, a CONFIG_DEBUG_KOBJECT_RELEASE test run uncovered a use-after-free in dax_mapping_release(). Clean all of that up.
Thanks to Yongqiang, Paul, and Ira for their analysis. [1]: http://lore.kernel.org/r/20221203095858.612027-1-liuyongqian...@huawei.com [2]: http://lore.kernel.org/r/3cf0890b-4eb0-e70e-cd9c-2ecc3d496...@hpe.com --- Dan Williams (4): dax: Fix dax_mapping_release() use after free dax: Use device_unregister() in unregister_dax_mapping() dax: Introduce alloc_dev_dax_id() dax: Cleanup extra dax_region references drivers/dax/bus.c | 64 +++++++++++++++++++++++++++------------------ drivers/dax/bus.h | 1 - drivers/dax/cxl.c | 8 +----- drivers/dax/dax-private.h | 4 ++- drivers/dax/hmem/hmem.c | 8 +----- drivers/dax/pmem.c | 7 +---- 6 files changed, 44 insertions(+), 48 deletions(-) base-commit: ac2263b588dffd3a1efd7ed0b156ea6c5aea200d
