From: "Danilo Krummrich" <dakr@kernel.org>
To: "Gui-Dong Han" <hanguidong02@gmail.com>
Cc: <gregkh@linuxfoundation.org>, <rafael@kernel.org>,
<linux-kernel@vger.kernel.org>, <baijiaju1990@gmail.com>,
"Qiu-ji Chen" <chenqiuji666@gmail.com>
Subject: Re: [PATCH v5] driver core: enforce device_lock for driver_match_device()
Date: Fri, 16 Jan 2026 12:54:25 +0100 [thread overview]
Message-ID: <DFPZS39MK07S.JKNF4YRCR3FH@kernel.org> (raw)
In-Reply-To: <20260113162843.12712-1-hanguidong02@gmail.com>
On Tue Jan 13, 2026 at 5:28 PM CET, Gui-Dong Han wrote:
> Currently, driver_match_device() is called from three sites. One site
> (__device_attach_driver) holds device_lock(dev), but the other two
> (bind_store and __driver_attach) do not. This inconsistency means that
> bus match() callbacks are not guaranteed to be called with the lock
> held.
>
> Fix this by introducing driver_match_device_locked(), which guarantees
> holding the device lock using a scoped guard. Replace the unlocked calls
> in bind_store() and __driver_attach() with this new helper. Also add a
> lock assertion to driver_match_device() to enforce this guarantee.
>
> This consistency also fixes a known race condition. The driver_override
> implementation relies on the device_lock, so the missing lock led to the
> use-after-free (UAF) reported in Bugzilla for buses using this field.
>
> Stress testing the two newly locked paths for 24 hours with
> CONFIG_PROVE_LOCKING and CONFIG_LOCKDEP enabled showed no UAF recurrence
> and no lockdep warnings.
>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220789
> Suggested-by: Qiu-ji Chen <chenqiuji666@gmail.com>
> Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>
Applied to driver-core-linus, thanks!
next prev parent reply other threads:[~2026-01-16 11:54 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-13 16:28 [PATCH v5] driver core: enforce device_lock for driver_match_device() Gui-Dong Han
2026-01-13 16:35 ` Rafael J. Wysocki
2026-01-13 19:23 ` Danilo Krummrich
2026-01-16 7:34 ` Gui-Dong Han
2026-01-16 11:19 ` Greg KH
2026-01-16 11:38 ` Gui-Dong Han
2026-01-16 11:54 ` Danilo Krummrich [this message]
2026-01-20 13:22 ` Mark Brown
2026-01-20 13:30 ` Gui-Dong Han
2026-01-20 13:48 ` Mark Brown
2026-01-20 14:05 ` Gui-Dong Han
2026-01-21 8:55 ` Wang Jiayue
2026-01-21 8:57 ` Gui-Dong Han
2026-01-21 10:40 ` Danilo Krummrich
2026-01-21 11:02 ` Danilo Krummrich
2026-01-21 11:19 ` Greg KH
2026-01-21 12:49 ` Mark Brown
2026-01-21 12:50 ` Danilo Krummrich
2026-01-21 13:02 ` Will Deacon
2026-01-21 14:07 ` Danilo Krummrich
2026-01-21 13:03 ` Robin Murphy
2026-01-21 14:13 ` Danilo Krummrich
2026-01-21 13:22 ` Jiayue Wang
2026-01-20 15:03 ` Danilo Krummrich
2026-01-20 15:35 ` Mark Brown
2026-01-20 17:38 ` Mark Brown
2026-01-20 18:36 ` Danilo Krummrich
2026-01-20 20:05 ` Mark Brown
2026-01-20 21:18 ` Danilo Krummrich
2026-01-21 1:11 ` Danilo Krummrich
2026-01-21 7:18 ` Gui-Dong Han
2026-01-21 7:41 ` Gui-Dong Han
2026-01-21 7:56 ` Greg KH
2026-01-21 8:12 ` Greg KH
2026-01-21 9:54 ` Danilo Krummrich
2026-01-21 10:30 ` Greg KH
2026-01-20 15:23 ` Marek Szyprowski
2026-01-20 15:27 ` Mark Brown
2026-01-21 20:00 ` Jon Hunter
2026-01-21 21:42 ` Danilo Krummrich
2026-01-22 17:28 ` Jon Hunter
2026-01-22 17:55 ` Gui-Dong Han
2026-01-22 18:12 ` Danilo Krummrich
2026-01-22 18:58 ` Jon Hunter
2026-01-22 19:35 ` Danilo Krummrich
2026-01-23 13:57 ` Jon Hunter
2026-01-23 14:09 ` Danilo Krummrich
2026-01-23 14:29 ` Jon Hunter
2026-01-23 16:54 ` Danilo Krummrich
2026-01-23 18:53 ` Gui-Dong Han
2026-01-23 19:07 ` Danilo Krummrich
2026-01-27 14:58 ` Jon Hunter
2026-01-27 15:18 ` Danilo Krummrich
2026-01-27 14:53 ` Jon Hunter
2026-01-27 15:05 ` Gui-Dong Han
2026-01-21 7:40 ` David Heidelberg
2026-02-11 10:42 ` Alexander Stein
2026-02-11 13:56 ` Danilo Krummrich
2026-02-25 20:19 ` Cristian Marussi
2026-02-25 20:38 ` Danilo Krummrich
2026-02-26 8:54 ` Gatien CHEVALLIER
2026-02-26 11:15 ` Danilo Krummrich
2026-02-26 12:21 ` Cristian Marussi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DFPZS39MK07S.JKNF4YRCR3FH@kernel.org \
--to=dakr@kernel.org \
--cc=baijiaju1990@gmail.com \
--cc=chenqiuji666@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hanguidong02@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rafael@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.