From: Jing Wu
To: jirislaby@kernel.org
Cc: gregkh@linuxfoundation.org, avorontsov@ru.mvista.com, alan@redhat.com, linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org, wangzhaolong@fnnas.com
Subject: Re: [PATCH v5] serial: 8250: fix use-after-free in IRQ chain handling
Date: Wed, 24 Jun 2026 16:43:52 +0800
Message-ID: <20260624084352.2978059-1-realwujing@gmail.com>
References: <20260624-bug-221579-8250-shared-irq-race-v5-1-15d841f89e1e@gmail.com>

From: Qiliang Yuan

On Wed, Jun 24, 2026 at 05:31:59AM +0200, Jiri Slaby wrote:
> So what is the reason to switch from guards to manual locking?

Scope-based guards release the lock at the end of the enclosing block,
but the fix requires hash_mutex to be held across request_irq() and
released at different exit points:

1. IS_ERR(i) -- release hash_mutex and return error.
2. Already in chain -- release i->lock, release hash_mutex, return 0.
3. First port, request_irq() fails -- cleanup under hash_mutex, then
   release it and return error.
4. First port, request_irq() succeeds -- release hash_mutex, return 0.

These paths span different nesting levels and early returns, so scope
guards cannot express the required lock lifecycle. The same applies to
i->lock: it must be dropped before calling request_irq() (cannot hold a
spinlock while sleeping), but hash_mutex must remain held across the
call, which also breaks the guard model.

Thanks,
Qiliang
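
An added illustration, not part of the message above or of the patch it discusses: a userspace C model of the four exit paths listed in the reply, with bool flags standing in for hash_mutex and i->lock. The names link_chain, fake_request_irq, nports, the -ENOMEM error and the cleanup step are assumptions; the checks confirm that i->lock is dropped before the sleeping call while hash_mutex stays held, and that every path returns with both released.

```c
/* Userspace model; every name and the "cleanup" step are hypothetical. */
#include <errno.h>
#include <stdbool.h>
struct irq_info { bool lock; int nports; };   /* lock models i->lock */
static bool hash_mutex;                       /* models hash_mutex */
static int irq_result;                        /* constructed request_irq() result */
static int violations;                        /* count of broken lifecycle rules */

/* Lock helpers that also flag double-lock and unlock-without-lock. */
static void take_lock(bool *l) { if (*l)  violations++; *l = true;  }
static void drop_lock(bool *l) { if (!*l) violations++; *l = false; }

/* May sleep: i->lock must be dropped, hash_mutex must still be held. */
static int fake_request_irq(const struct irq_info *i)
{
    if (i->lock)     violations++;  /* kernel analogue: might_sleep() */
    if (!hash_mutex) violations++;  /* kernel analogue: lockdep_assert_held() */
    return irq_result;
}

int link_chain(struct irq_info *i)            /* i == NULL models IS_ERR(i) */
{
    take_lock(&hash_mutex);
    if (!i) {                                 /* path 1: lookup failed */
        drop_lock(&hash_mutex);
        return -ENOMEM;
    }
    take_lock(&i->lock);
    if (i->nports++ > 0) {                    /* path 2: already in chain */
        drop_lock(&i->lock);
        drop_lock(&hash_mutex);
        return 0;
    }
    drop_lock(&i->lock);                      /* never sleep under a spinlock */
    int ret = fake_request_irq(i);
    if (ret < 0)
        i->nports = 0;                        /* path 3: cleanup under hash_mutex */
    drop_lock(&hash_mutex);                   /* paths 3 and 4 share this release */
    return ret;
}

bool lifecycle_clean(const struct irq_info *i) /* nothing held, no rule broken */
{
    return !hash_mutex && !(i && i->lock) && violations == 0;
}

int main(void)
{
    struct irq_info a = {0};
    return link_chain(&a) == 0 && lifecycle_clean(&a) ? 0 : 1;
}
```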