Block device disk management implementation can underflow rtems_disk_device.uses

[Kevin Gordon]

The source file discdevs.c contains logic error with regard to a rtems_disk_device.uses member, in that the .uses value can underflow and wrap-around because this member is unsigned and the implementation does not check for a current value of 0.

Case in point, see diskdevs.c line 373:

physical_disk->uses -= deleted_count;

If deleted_count is greater than physical_disk->uses, e.g. physical_disk->uses is 0 and deleted_count is 1, physical_disk->uses will underflow. There are other references to the uses member that can result in errors, e.g., line 448:

uses = --dd->uses;

We discovered this bug via a unit-test that creates multiple RAM disks and then attempts to delete them, without any uses, resulting in RTEMS errors because the uses member had wrapped around. To circumvent this bug, we had to force the uses member to a value of 1 prior to calling rtems_disk_release(), which then successfully deleted the RAM disks via rtems_disk_delete(), otherwise the results cascaded into error situations that were undesirable.

[Sebastian Huber]

This API is deprecated in RTEMS 5.1 and will be removed in RTEMS 6.1.

[Sebastian Huber]

If you want to get this fixed, then please send a patch to devel@…. I would avoid this API and use rtems_blkdev_create() and rtems_blkdev_create_partition() instead.

[Chris Johns]

Sebastian has recommended avoiding this API.