From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Hamish Martin <hamish.martin@alliedtelesis.co.nz>,
"Rafael J. Wysocki" <rafael@kernel.org>
Cc: mika.westerberg@linux.intel.com, linus.walleij@linaro.org,
brgl@bgdev.pl, linux-gpio@vger.kernel.org,
linux-acpi@vger.kernel.org
Subject: Re: [PATCH] gpiolib: acpi: Move storage of acpi_gpio_chip
Date: Wed, 13 Mar 2024 13:21:25 +0200 [thread overview]
Message-ID: <ZfGMNWtFrgsuUdLz@smile.fi.intel.com> (raw)
In-Reply-To: <20240313030251.1049624-1-hamish.martin@alliedtelesis.co.nz>
+Cc: Rafael
On Wed, Mar 13, 2024 at 04:02:51PM +1300, Hamish Martin wrote:
> A memory leak occurs in a scenario where an ACPI SSDT overlay is removed
> and that is the trigger for the removal of the acpi_gpio_chip.
> This occurs because we use the ACPI_HANDLE of the chip->parent as a
> convenient location to tie the 'struct acpi_gpio_chip' to, using
> acpi_attach_data().
> This is fine in the usual case of removal of the 'struct acpi_gpio_chip'
> via a call to acpi_gpiochip_remove() because usually the ACPI data is
> still valid.
> But in the case of an SSDT overlay removal, the ACPI data has been
> marked as invalid before the removal code is triggered (see the setting
> of the acpi_device handle to INVALID_ACPI_HANDLE in
> acpi_scan_drop_device()). This means that by the time we execute
> acpi_gpiochip_remove(), the handles are invalid and we are unable to
> retrieve the 'struct acpi_gpio_chip' using acpi_get_data(). Unable to
> get our data, we hit the failure case and see the following warning
> logged:
> Failed to retrieve ACPI GPIO chip
> This means we also fail to kfree() the struct at the end of
> acpi_gpiochip_remove().
>
> The fix is to no longer tie the acpi_gpio_chip data to the ACPI data,
> but instead hang it directly from the 'struct gpio_chip' with a new
> field. This decouples the lifecycle of the acpi_gpio_chip from the ACPI
> data, and ties it to the gpio_chip. This seems a much better place since
> they share a common lifecycle.
Maybe in this case it's indeed better.
> The general concept of attaching data to the ACPI objects may also need
> revisiting in light of the issue this patch addresses. For instance
> i2c_acpi_remove_space_handler() is vulnerable to a similar leak due to
> using acpi_bus_get_private_data(), which just wraps acpi_attach_data().
> This may need a more widespread change than is addressed in this patch.
But with this it sounds to me that the root cause is like you said in ACPI
removal device code, i.e. acpi_scan_drop_device. Shouldn't that be fixed first
to be more clever?
Or are you stating that basically acpi_bus_get_private_data() and concept of
the private data is weak to the point that mostly become useless?
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2024-03-13 11:21 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 3:02 [PATCH] gpiolib: acpi: Move storage of acpi_gpio_chip Hamish Martin
2024-03-13 11:21 ` Andy Shevchenko [this message]
2024-03-13 11:26 ` Andy Shevchenko
2024-03-14 1:13 ` Hamish Martin
2024-03-14 13:18 ` andriy.shevchenko
2024-03-15 0:39 ` Hamish Martin
2024-03-18 10:52 ` andriy.shevchenko
2024-04-18 19:29 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZfGMNWtFrgsuUdLz@smile.fi.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=brgl@bgdev.pl \
--cc=hamish.martin@alliedtelesis.co.nz \
--cc=linus.walleij@linaro.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-gpio@vger.kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=rafael@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox