From: Wolfram Sang <wsa@the-dreams.de>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Lars-Peter Clausen <lars@metafoo.de>,
linux-mips@linux-mips.org,
Pantelis Antoniou <pantelis.antoniou@konsulko.com>,
linux-kernel@vger.kernel.org, Julia Lawall <julia.lawall@lip6.fr>,
linux-arm-kernel@lists.infradead.org,
linuxppc-dev@lists.ozlabs.org, Jean Delvare <jdelvare@suse.de>
Subject: Re: [PATCH] i2c: drop ancient protection against sysfs refcounting issues
Date: Tue, 20 Jan 2015 12:35:08 +0100 [thread overview]
Message-ID: <20150120113508.GA1067@katana> (raw)
In-Reply-To: <20150120101752.GI26493@n2100.arm.linux.org.uk>
[-- Attachment #1: Type: text/plain, Size: 2128 bytes --]
> > Right, and I'm not saying it should be, just move the existing logic
> > into the release callback, and the code flow should be the same and we
> > don't end up with an "empty" release callback.
But as Russell says, even if we don't have the empty callback, we still
create the problem shown by DEBUG_KOBJECT_RELEASE which wasn't there
before?
> IMHO there are two possibilities here:
>
> 1. leave it as-is, where we ensure that the remainder of i2c_del_adapter
> does not complete until the release callback has been called.
>
> 2. fix it properly by taking (eg) the netdev approach to i2c_adapter,
> or an alternative solution which results in decoupling the lifetime
> of the struct device from the i2c_adapter.
>
> Either of these would be much better than removing the completion and
> then moving a chunk of code to make it "look" safer than it actually is
> and thereby introducing potential use-after-free bugs.
I agree. As much as I'd love option 2) I don't see that on the horizon.
So, let's keep things as they are. What probably makes sense is to
update the comment with something like this? I took the liberty and used
some wording from Russell:
diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
index e227dff62a85..1c89a08fae2a 100644
--- a/drivers/i2c/i2c-core.c
+++ b/drivers/i2c/i2c-core.c
@@ -1778,11 +1778,14 @@ void i2c_del_adapter(struct i2c_adapter *adap)
/* device name is gone after device_unregister */
dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name);
- /* clean up the sysfs representation */
+ /* wait until all references to the device are gone
+ *
+ * FIXME: This is old code and should ideally be replaced by an
+ * alternative which results in decoupling the lifetime of the struct
+ * device from the i2c_adapter, like spi or netdev do.
+ */
init_completion(&adap->dev_released);
device_unregister(&adap->dev);
-
- /* wait for sysfs to drop all references */
wait_for_completion(&adap->dev_released);
/* free bus id */
Thanks for all the input, it is very much appreciated!
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Wolfram Sang <wsa@the-dreams.de>
To: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: linux-mips@linux-mips.org, Lars-Peter Clausen <lars@metafoo.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Pantelis Antoniou <pantelis.antoniou@konsulko.com>,
linux-kernel@vger.kernel.org, Julia Lawall <julia.lawall@lip6.fr>,
Jean Delvare <jdelvare@suse.de>,
linuxppc-dev@lists.ozlabs.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] i2c: drop ancient protection against sysfs refcounting issues
Date: Tue, 20 Jan 2015 12:35:08 +0100 [thread overview]
Message-ID: <20150120113508.GA1067@katana> (raw)
In-Reply-To: <20150120101752.GI26493@n2100.arm.linux.org.uk>
[-- Attachment #1: Type: text/plain, Size: 2128 bytes --]
> > Right, and I'm not saying it should be, just move the existing logic
> > into the release callback, and the code flow should be the same and we
> > don't end up with an "empty" release callback.
But as Russell says, even if we don't have the empty callback, we still
create the problem shown by DEBUG_KOBJECT_RELEASE which wasn't there
before?
> IMHO there are two possibilities here:
>
> 1. leave it as-is, where we ensure that the remainder of i2c_del_adapter
> does not complete until the release callback has been called.
>
> 2. fix it properly by taking (eg) the netdev approach to i2c_adapter,
> or an alternative solution which results in decoupling the lifetime
> of the struct device from the i2c_adapter.
>
> Either of these would be much better than removing the completion and
> then moving a chunk of code to make it "look" safer than it actually is
> and thereby introducing potential use-after-free bugs.
I agree. As much as I'd love option 2) I don't see that on the horizon.
So, let's keep things as they are. What probably makes sense is to
update the comment with something like this? I took the liberty and used
some wording from Russell:
diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
index e227dff62a85..1c89a08fae2a 100644
--- a/drivers/i2c/i2c-core.c
+++ b/drivers/i2c/i2c-core.c
@@ -1778,11 +1778,14 @@ void i2c_del_adapter(struct i2c_adapter *adap)
/* device name is gone after device_unregister */
dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name);
- /* clean up the sysfs representation */
+ /* wait until all references to the device are gone
+ *
+ * FIXME: This is old code and should ideally be replaced by an
+ * alternative which results in decoupling the lifetime of the struct
+ * device from the i2c_adapter, like spi or netdev do.
+ */
init_completion(&adap->dev_released);
device_unregister(&adap->dev);
-
- /* wait for sysfs to drop all references */
wait_for_completion(&adap->dev_released);
/* free bus id */
Thanks for all the input, it is very much appreciated!
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: wsa@the-dreams.de (Wolfram Sang)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] i2c: drop ancient protection against sysfs refcounting issues
Date: Tue, 20 Jan 2015 12:35:08 +0100 [thread overview]
Message-ID: <20150120113508.GA1067@katana> (raw)
In-Reply-To: <20150120101752.GI26493@n2100.arm.linux.org.uk>
> > Right, and I'm not saying it should be, just move the existing logic
> > into the release callback, and the code flow should be the same and we
> > don't end up with an "empty" release callback.
But as Russell says, even if we don't have the empty callback, we still
create the problem shown by DEBUG_KOBJECT_RELEASE which wasn't there
before?
> IMHO there are two possibilities here:
>
> 1. leave it as-is, where we ensure that the remainder of i2c_del_adapter
> does not complete until the release callback has been called.
>
> 2. fix it properly by taking (eg) the netdev approach to i2c_adapter,
> or an alternative solution which results in decoupling the lifetime
> of the struct device from the i2c_adapter.
>
> Either of these would be much better than removing the completion and
> then moving a chunk of code to make it "look" safer than it actually is
> and thereby introducing potential use-after-free bugs.
I agree. As much as I'd love option 2) I don't see that on the horizon.
So, let's keep things as they are. What probably makes sense is to
update the comment with something like this? I took the liberty and used
some wording from Russell:
diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c
index e227dff62a85..1c89a08fae2a 100644
--- a/drivers/i2c/i2c-core.c
+++ b/drivers/i2c/i2c-core.c
@@ -1778,11 +1778,14 @@ void i2c_del_adapter(struct i2c_adapter *adap)
/* device name is gone after device_unregister */
dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name);
- /* clean up the sysfs representation */
+ /* wait until all references to the device are gone
+ *
+ * FIXME: This is old code and should ideally be replaced by an
+ * alternative which results in decoupling the lifetime of the struct
+ * device from the i2c_adapter, like spi or netdev do.
+ */
init_completion(&adap->dev_released);
device_unregister(&adap->dev);
-
- /* wait for sysfs to drop all references */
wait_for_completion(&adap->dev_released);
/* free bus id */
Thanks for all the input, it is very much appreciated!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.infradead.org/pipermail/linux-arm-kernel/attachments/20150120/69ff1196/attachment.sig>
next prev parent reply other threads:[~2015-01-20 11:35 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-19 18:55 [PATCH] i2c: drop ancient protection against sysfs refcounting issues Wolfram Sang
2015-01-19 18:55 ` Wolfram Sang
2015-01-19 18:55 ` Wolfram Sang
2015-01-19 18:59 ` Pantelis Antoniou
2015-01-19 18:59 ` Pantelis Antoniou
2015-01-19 18:59 ` Pantelis Antoniou
2015-01-19 18:59 ` Pantelis Antoniou
2015-01-19 19:01 ` Greg Kroah-Hartman
2015-01-19 19:01 ` Greg Kroah-Hartman
2015-01-19 19:01 ` Greg Kroah-Hartman
2015-01-19 21:30 ` Wolfram Sang
2015-01-19 21:30 ` Wolfram Sang
2015-01-19 21:30 ` Wolfram Sang
2015-01-19 23:04 ` Russell King - ARM Linux
2015-01-19 23:04 ` Russell King - ARM Linux
2015-01-19 23:04 ` Russell King - ARM Linux
2015-01-20 1:41 ` Greg Kroah-Hartman
2015-01-20 1:41 ` Greg Kroah-Hartman
2015-01-20 1:41 ` Greg Kroah-Hartman
2015-01-20 7:05 ` Lars-Peter Clausen
2015-01-20 7:05 ` Lars-Peter Clausen
2015-01-20 7:05 ` Lars-Peter Clausen
2015-01-20 7:12 ` Greg Kroah-Hartman
2015-01-20 7:12 ` Greg Kroah-Hartman
2015-01-20 7:12 ` Greg Kroah-Hartman
2015-01-20 7:27 ` Lars-Peter Clausen
2015-01-20 7:27 ` Lars-Peter Clausen
2015-01-20 7:27 ` Lars-Peter Clausen
2015-01-20 10:17 ` Russell King - ARM Linux
2015-01-20 10:17 ` Russell King - ARM Linux
2015-01-20 10:17 ` Russell King - ARM Linux
2015-01-20 11:35 ` Wolfram Sang [this message]
2015-01-20 11:35 ` Wolfram Sang
2015-01-20 11:35 ` Wolfram Sang
2015-01-19 19:12 ` Russell King - ARM Linux
2015-01-19 19:12 ` Russell King - ARM Linux
2015-01-19 19:12 ` Russell King - ARM Linux
2015-01-19 19:39 ` Wolfram Sang
2015-01-19 19:39 ` Wolfram Sang
2015-01-19 19:39 ` Wolfram Sang
2015-01-19 20:01 ` Lars-Peter Clausen
2015-01-19 20:01 ` Lars-Peter Clausen
2015-01-19 20:01 ` Lars-Peter Clausen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150120113508.GA1067@katana \
--to=wsa@the-dreams.de \
--cc=gregkh@linuxfoundation.org \
--cc=jdelvare@suse.de \
--cc=julia.lawall@lip6.fr \
--cc=lars@metafoo.de \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux@arm.linux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=pantelis.antoniou@konsulko.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.