From: Andy Shevchenko <andriy.shevchenko@intel.com>
To: Hans de Goede <hansg@kernel.org>
Cc: "Dan Scally" <dan.scally@ideasonboard.com>,
	"Qiu Wenbo" <qiuwenbo@gnome.org>,
	"Daniel Scally" <djrscally@gmail.com>,
	"Qiu Wenbo" <qiuwenbo@kylinsec.com.cn>,
	platform-driver-x86@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
	"Sakari Ailus" <sakari.ailus@linux.intel.com>,
	"Andy Shevchenko" <andy@kernel.org>
Subject: Re: [PATCH] platform/x86: int3472: Fix double free of GPIO device during unregister
Date: Tue, 28 Oct 2025 16:47:26 +0200
Message-ID: <aQDXfk1BZIxD4H8S@smile.fi.intel.com>
In-Reply-To: <492c05bf-bf0f-4cca-af3b-121fdffd05e8@kernel.org>

On Tue, Oct 28, 2025 at 03:36:56PM +0100, Hans de Goede wrote:
> On 28-Oct-25 12:38 PM, Andy Shevchenko wrote:
> > On Tue, Oct 28, 2025 at 11:09:12AM +0000, Dan Scally wrote:
> >> On 28/10/2025 10:54, Andy Shevchenko wrote:
> >>> On Tue, Oct 28, 2025 at 11:38:00AM +0100, Hans de Goede wrote:
> >>>> On 28-Oct-25 11:02 AM, Andy Shevchenko wrote:
> >>>>> On Tue, Oct 28, 2025 at 08:55:07AM +0000, Dan Scally wrote:
> >>>>>> On 24/10/2025 06:05, Qiu Wenbo wrote:

...

> >>>>>> However the Fixes tag I wonder about; devm_gpiod_get() will also result in a
> >>>>>> call to gpiod_put() when the module is unloaded; doesn't that mean that the
> >>>>>> same issue will occur before that commit?
> >>>>>
> >>>>> Actually a good question! To me sounds like it's a bug(?) in regulator code.
> >>>>> It must not release resources it didn't acquire. This sounds like a clear
> >>>>> layering violation.
> >>>>
> >>>> I think the problem is that when it comes from devicetree it is acquired
> >>>> by the regulator core.
> >>>
> >>> Hmm... I probably missed that, but I failed to see this. Any pointers?
> >>
> >> They can come through the struct regulator_desc.of_parse_cb(), which is called in
> >> regulator_of_init_data(), from regulator_register(). For example: https://elixir.bootlin.com/linux/v6.17.5/source/drivers/power/supply/mt6370-charger.c#L234
> > 
> > Ah, thank you, Dan, for the pointers. Indeed, that's how it's done. Hmm, still
> > why can't we let the regulator consumer decide when to clean the resource?
> > I think this is an attempt to have a refcounting against shared GPIO resource
> > and it should be done in the GPIOLIB (if not yet). In regulator that put
> > call should probably be conditional (based on the source of GPIO request).
> 
> Fixing this sounds like a somewhat big undertaking. In the meantime
> I think we should move forward with this patch to fix the immediate
> issue with the double free.

And I am not objecting to applying this, as you may see in the tags given so far.
In regard to the undertaking, it seems to be in Bart's (GPIOLIB maintainer) TODO list.

-- 
With Best Regards,
Andy Shevchenko
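
Added example, not part of the original message and not kernel code: a user-space C model of the ownership question discussed in this thread. It counts release calls on one GPIO when the consumer's managed cleanup and the regulator core both run at teardown, first with an unconditional put in the core and then with a put that depends on who requested the GPIO. All type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stands in for a GPIO descriptor; counts releases instead of freeing. */
struct gpio_model { int put_calls; };

static void gpio_model_put(struct gpio_model *g) { g->put_calls++; }

/* Who requested the GPIO: the consumer driver or the regulator core. */
enum gpio_source { SRC_CONSUMER, SRC_CORE };

struct regulator_model {
    struct gpio_model *gpio;
    enum gpio_source source;
    bool conditional_put; /* false: core always puts; true: only its own */
};

/* Model of the core's unregister path. */
static void regulator_model_unregister(struct regulator_model *r)
{
    if (!r->gpio)
        return;
    if (!r->conditional_put || r->source == SRC_CORE)
        gpio_model_put(r->gpio);
    r->gpio = NULL;
}

/* Model of managed (devm-style) cleanup in the consumer driver:
 * it releases only what the consumer itself requested. */
static void consumer_model_release(struct gpio_model *g, enum gpio_source src)
{
    if (src == SRC_CONSUMER)
        gpio_model_put(g);
}

/* Number of puts for one acquire over a full teardown; 1 is correct,
 * 2 models the double free. */
int teardown_put_count(enum gpio_source src, bool conditional_put)
{
    struct gpio_model g = { 0 };
    struct regulator_model r = { &g, src, conditional_put };

    regulator_model_unregister(&r);
    consumer_model_release(&g, src);
    return g.put_calls;
}

int main(void)
{
    printf("consumer-owned, unconditional put: %d\n", teardown_put_count(SRC_CONSUMER, false));
    printf("consumer-owned, conditional put:   %d\n", teardown_put_count(SRC_CONSUMER, true));
    return 0;
}
```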




Thread overview: 14+ messages
2025-10-24  5:05 [PATCH] platform/x86: int3472: Fix double free of GPIO device during unregister Qiu Wenbo
2025-10-24  6:15 ` Andy Shevchenko
2025-10-24  7:25 ` Sakari Ailus
2025-10-28  6:30 ` [PATCH v2] " Qiu Wenbo
2025-10-28  9:34   ` Hans de Goede
2025-10-28 16:37   ` Ilpo Järvinen
2025-10-28  8:55 ` [PATCH] " Dan Scally
2025-10-28 10:02   ` Andy Shevchenko
2025-10-28 10:38     ` Hans de Goede
2025-10-28 10:54       ` Andy Shevchenko
2025-10-28 11:09         ` Dan Scally
2025-10-28 11:38           ` Andy Shevchenko
2025-10-28 14:36             ` Hans de Goede
2025-10-28 14:47               ` Andy Shevchenko [this message]
