From mboxrd@z Thu Jan 1 00:00:00 1970 Received: with ECARTIS (v1.0.0; list linux-mips); Tue, 20 Jan 2015 12:35:16 +0100 (CET) Received: from sauhun.de ([89.238.76.85]:37018 "EHLO pokefinder.org" rhost-flags-OK-OK-OK-OK) by eddie.linux-mips.org with ESMTP id S27011153AbbATLfOqvCuX (ORCPT ); Tue, 20 Jan 2015 12:35:14 +0100 Received: from p4fe24acf.dip0.t-ipconnect.de ([79.226.74.207]:52219 helo=localhost) by pokefinder.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1YDX5R-00083n-Ot; Tue, 20 Jan 2015 12:35:10 +0100 Date: Tue, 20 Jan 2015 12:35:08 +0100 From: Wolfram Sang To: Russell King - ARM Linux Cc: Greg Kroah-Hartman , Lars-Peter Clausen , linux-mips@linux-mips.org, Pantelis Antoniou , linux-kernel@vger.kernel.org, Julia Lawall , linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, Jean Delvare Subject: Re: [PATCH] i2c: drop ancient protection against sysfs refcounting issues Message-ID: <20150120113508.GA1067@katana> References: <1421693756-12917-1-git-send-email-wsa@the-dreams.de> <20150119190142.GA9451@kroah.com> <20150119230427.GH26493@n2100.arm.linux.org.uk> <20150120014159.GA3349@kroah.com> <54BDFE30.5090303@metafoo.de> <20150120071256.GA18983@kroah.com> <20150120101752.GI26493@n2100.arm.linux.org.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" Content-Disposition: inline In-Reply-To: <20150120101752.GI26493@n2100.arm.linux.org.uk> User-Agent: Mutt/1.5.23 (2014-03-12) Return-Path: X-Envelope-To: <"|/home/ecartis/ecartis -s linux-mips"> (uid 0) X-Orcpt: rfc822;linux-mips@linux-mips.org Original-Recipient: rfc822;linux-mips@linux-mips.org X-archive-position: 45365 X-ecartis-version: Ecartis v1.0.0 Sender: linux-mips-bounce@linux-mips.org Errors-to: linux-mips-bounce@linux-mips.org X-original-sender: wsa@the-dreams.de Precedence: bulk List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: linux-mips X-List-ID: linux-mips List-subscribe: List-owner: List-post: List-archive: X-list: linux-mips --fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > > Right, and I'm not saying it should be, just move the existing logic > > into the release callback, and the code flow should be the same and we > > don't end up with an "empty" release callback. But as Russell says, even if we don't have the empty callback, we still create the problem shown by DEBUG_KOBJECT_RELEASE which wasn't there before? > IMHO there are two possibilities here: >=20 > 1. leave it as-is, where we ensure that the remainder of i2c_del_adapter > does not complete until the release callback has been called. >=20 > 2. fix it properly by taking (eg) the netdev approach to i2c_adapter, > or an alternative solution which results in decoupling the lifetime > of the struct device from the i2c_adapter. >=20 > Either of these would be much better than removing the completion and > then moving a chunk of code to make it "look" safer than it actually is > and thereby introducing potential use-after-free bugs. I agree. As much as I'd love option 2) I don't see that on the horizon. So, let's keep things as they are. What probably makes sense is to update the comment with something like this? I took the liberty and used some wording from Russell: diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c index e227dff62a85..1c89a08fae2a 100644 --- a/drivers/i2c/i2c-core.c +++ b/drivers/i2c/i2c-core.c @@ -1778,11 +1778,14 @@ void i2c_del_adapter(struct i2c_adapter *adap) /* device name is gone after device_unregister */ dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name); =20 - /* clean up the sysfs representation */ + /* wait until all references to the device are gone + * + * FIXME: This is old code and should ideally be replaced by an + * alternative which results in decoupling the lifetime of the struct + * device from the i2c_adapter, like spi or netdev do. + */ init_completion(&adap->dev_released); device_unregister(&adap->dev); - - /* wait for sysfs to drop all references */ wait_for_completion(&adap->dev_released); =20 /* free bus id */ Thanks for all the input, it is very much appreciated! --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUvj1sAAoJEBQN5MwUoCm21voP/RGyoF9auSnOpttw4wFjoBJw n9t+N6mAo6eO5zpgZ748HRmP99HXZKCEnz7danIfgYddMRl4GAQe0JQdGh9lYbzM vbQ+tzJaWjFgyHrMpeVIRpEVs9C705Vwh1hnYA1omxTfJnhkQ4DpzePFvTsEC8R/ CLrDCdoRLemD3Dq1Zey9lfYNuHyysbzRN+Z5ztYIrlIPQ9Jj1crPFBPR2euipsLH v986DrvPPCJ0vU3FjeR7DVAiWi+3ap885zNs30xiRSMYuekUeFQJUMlPAj3WvXQF 7tIeGsvL7Cv7gckS8yq61Yf2ZyjC2zjga0/HeTKRp/bvTacF/hvKeLUyPlazJxxm oGWLIZYGSGau+/auJz+Af2cld3eiKjAq6nMHbQOu5cbuB5soyK/FlK1GfeFCP0AX 84EV5UmrFdo/LkaCvvTUIJy15kIRxUjU2r/Fdlr2WLeTnAECIqFuVBlAuc4UwAi2 B7Waf/pX7phVyuJdALXvzMiDtziMKchSyg3A1iuWnCFqicMBSJaXLVj9TONoPfYA MOiy4Y7a2fnvkapxu9YH8xV3Sj4TN2XCsoB9EYfYIK7kf9SA/r4/xAPGSKB1nQ41 ZJKvC4M3dnAAsZ3VwqesFKC8oKTy/gicr+dTFSbpFPlp2314dC86Fcqxnq+AIqco GaRpIu/Gy9u1+9zEPxPN =z8hT -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from pokefinder.org (sauhun.de [89.238.76.85]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 1444F1A0427 for ; Tue, 20 Jan 2015 22:35:20 +1100 (AEDT) Date: Tue, 20 Jan 2015 12:35:08 +0100 From: Wolfram Sang To: Russell King - ARM Linux Subject: Re: [PATCH] i2c: drop ancient protection against sysfs refcounting issues Message-ID: <20150120113508.GA1067@katana> References: <1421693756-12917-1-git-send-email-wsa@the-dreams.de> <20150119190142.GA9451@kroah.com> <20150119230427.GH26493@n2100.arm.linux.org.uk> <20150120014159.GA3349@kroah.com> <54BDFE30.5090303@metafoo.de> <20150120071256.GA18983@kroah.com> <20150120101752.GI26493@n2100.arm.linux.org.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" In-Reply-To: <20150120101752.GI26493@n2100.arm.linux.org.uk> Cc: linux-mips@linux-mips.org, Lars-Peter Clausen , Greg Kroah-Hartman , Pantelis Antoniou , linux-kernel@vger.kernel.org, Julia Lawall , Jean Delvare , linuxppc-dev@lists.ozlabs.org, linux-arm-kernel@lists.infradead.org List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > > Right, and I'm not saying it should be, just move the existing logic > > into the release callback, and the code flow should be the same and we > > don't end up with an "empty" release callback. But as Russell says, even if we don't have the empty callback, we still create the problem shown by DEBUG_KOBJECT_RELEASE which wasn't there before? > IMHO there are two possibilities here: >=20 > 1. leave it as-is, where we ensure that the remainder of i2c_del_adapter > does not complete until the release callback has been called. >=20 > 2. fix it properly by taking (eg) the netdev approach to i2c_adapter, > or an alternative solution which results in decoupling the lifetime > of the struct device from the i2c_adapter. >=20 > Either of these would be much better than removing the completion and > then moving a chunk of code to make it "look" safer than it actually is > and thereby introducing potential use-after-free bugs. I agree. As much as I'd love option 2) I don't see that on the horizon. So, let's keep things as they are. What probably makes sense is to update the comment with something like this? I took the liberty and used some wording from Russell: diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c index e227dff62a85..1c89a08fae2a 100644 --- a/drivers/i2c/i2c-core.c +++ b/drivers/i2c/i2c-core.c @@ -1778,11 +1778,14 @@ void i2c_del_adapter(struct i2c_adapter *adap) /* device name is gone after device_unregister */ dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name); =20 - /* clean up the sysfs representation */ + /* wait until all references to the device are gone + * + * FIXME: This is old code and should ideally be replaced by an + * alternative which results in decoupling the lifetime of the struct + * device from the i2c_adapter, like spi or netdev do. + */ init_completion(&adap->dev_released); device_unregister(&adap->dev); - - /* wait for sysfs to drop all references */ wait_for_completion(&adap->dev_released); =20 /* free bus id */ Thanks for all the input, it is very much appreciated! --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUvj1sAAoJEBQN5MwUoCm21voP/RGyoF9auSnOpttw4wFjoBJw n9t+N6mAo6eO5zpgZ748HRmP99HXZKCEnz7danIfgYddMRl4GAQe0JQdGh9lYbzM vbQ+tzJaWjFgyHrMpeVIRpEVs9C705Vwh1hnYA1omxTfJnhkQ4DpzePFvTsEC8R/ CLrDCdoRLemD3Dq1Zey9lfYNuHyysbzRN+Z5ztYIrlIPQ9Jj1crPFBPR2euipsLH v986DrvPPCJ0vU3FjeR7DVAiWi+3ap885zNs30xiRSMYuekUeFQJUMlPAj3WvXQF 7tIeGsvL7Cv7gckS8yq61Yf2ZyjC2zjga0/HeTKRp/bvTacF/hvKeLUyPlazJxxm oGWLIZYGSGau+/auJz+Af2cld3eiKjAq6nMHbQOu5cbuB5soyK/FlK1GfeFCP0AX 84EV5UmrFdo/LkaCvvTUIJy15kIRxUjU2r/Fdlr2WLeTnAECIqFuVBlAuc4UwAi2 B7Waf/pX7phVyuJdALXvzMiDtziMKchSyg3A1iuWnCFqicMBSJaXLVj9TONoPfYA MOiy4Y7a2fnvkapxu9YH8xV3Sj4TN2XCsoB9EYfYIK7kf9SA/r4/xAPGSKB1nQ41 ZJKvC4M3dnAAsZ3VwqesFKC8oKTy/gicr+dTFSbpFPlp2314dC86Fcqxnq+AIqco GaRpIu/Gy9u1+9zEPxPN =z8hT -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: wsa@the-dreams.de (Wolfram Sang) Date: Tue, 20 Jan 2015 12:35:08 +0100 Subject: [PATCH] i2c: drop ancient protection against sysfs refcounting issues In-Reply-To: <20150120101752.GI26493@n2100.arm.linux.org.uk> References: <1421693756-12917-1-git-send-email-wsa@the-dreams.de> <20150119190142.GA9451@kroah.com> <20150119230427.GH26493@n2100.arm.linux.org.uk> <20150120014159.GA3349@kroah.com> <54BDFE30.5090303@metafoo.de> <20150120071256.GA18983@kroah.com> <20150120101752.GI26493@n2100.arm.linux.org.uk> Message-ID: <20150120113508.GA1067@katana> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org > > Right, and I'm not saying it should be, just move the existing logic > > into the release callback, and the code flow should be the same and we > > don't end up with an "empty" release callback. But as Russell says, even if we don't have the empty callback, we still create the problem shown by DEBUG_KOBJECT_RELEASE which wasn't there before? > IMHO there are two possibilities here: > > 1. leave it as-is, where we ensure that the remainder of i2c_del_adapter > does not complete until the release callback has been called. > > 2. fix it properly by taking (eg) the netdev approach to i2c_adapter, > or an alternative solution which results in decoupling the lifetime > of the struct device from the i2c_adapter. > > Either of these would be much better than removing the completion and > then moving a chunk of code to make it "look" safer than it actually is > and thereby introducing potential use-after-free bugs. I agree. As much as I'd love option 2) I don't see that on the horizon. So, let's keep things as they are. What probably makes sense is to update the comment with something like this? I took the liberty and used some wording from Russell: diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c index e227dff62a85..1c89a08fae2a 100644 --- a/drivers/i2c/i2c-core.c +++ b/drivers/i2c/i2c-core.c @@ -1778,11 +1778,14 @@ void i2c_del_adapter(struct i2c_adapter *adap) /* device name is gone after device_unregister */ dev_dbg(&adap->dev, "adapter [%s] unregistered\n", adap->name); - /* clean up the sysfs representation */ + /* wait until all references to the device are gone + * + * FIXME: This is old code and should ideally be replaced by an + * alternative which results in decoupling the lifetime of the struct + * device from the i2c_adapter, like spi or netdev do. + */ init_completion(&adap->dev_released); device_unregister(&adap->dev); - - /* wait for sysfs to drop all references */ wait_for_completion(&adap->dev_released); /* free bus id */ Thanks for all the input, it is very much appreciated! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: