From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Hamish Martin <hamish.martin@alliedtelesis.co.nz>,
"Rafael J. Wysocki" <rafael@kernel.org>
Cc: mika.westerberg@linux.intel.com, linus.walleij@linaro.org,
brgl@bgdev.pl, linux-gpio@vger.kernel.org,
linux-acpi@vger.kernel.org
Subject: Re: [PATCH] gpiolib: acpi: Move storage of acpi_gpio_chip
Date: Wed, 13 Mar 2024 13:26:54 +0200 [thread overview]
Message-ID: <ZfGNfucm2-izJBfd@smile.fi.intel.com> (raw)
In-Reply-To: <ZfGMNWtFrgsuUdLz@smile.fi.intel.com>
On Wed, Mar 13, 2024 at 01:21:25PM +0200, Andy Shevchenko wrote:
> On Wed, Mar 13, 2024 at 04:02:51PM +1300, Hamish Martin wrote:
> > A memory leak occurs in a scenario where an ACPI SSDT overlay is removed
> > and that is the trigger for the removal of the acpi_gpio_chip.
> > This occurs because we use the ACPI_HANDLE of the chip->parent as a
> > convenient location to tie the 'struct acpi_gpio_chip' to, using
> > acpi_attach_data().
> > This is fine in the usual case of removal of the 'struct acpi_gpio_chip'
> > via a call to acpi_gpiochip_remove() because usually the ACPI data is
> > still valid.
> > But in the case of an SSDT overlay removal, the ACPI data has been
> > marked as invalid before the removal code is triggered (see the setting
> > of the acpi_device handle to INVALID_ACPI_HANDLE in
> > acpi_scan_drop_device()). This means that by the time we execute
> > acpi_gpiochip_remove(), the handles are invalid and we are unable to
> > retrieve the 'struct acpi_gpio_chip' using acpi_get_data(). Unable to
> > get our data, we hit the failure case and see the following warning
> > logged:
> > Failed to retrieve ACPI GPIO chip
> > This means we also fail to kfree() the struct at the end of
> > acpi_gpiochip_remove().
> >
> > The fix is to no longer tie the acpi_gpio_chip data to the ACPI data,
> > but instead hang it directly from the 'struct gpio_chip' with a new
> > field. This decouples the lifecycle of the acpi_gpio_chip from the ACPI
> > data, and ties it to the gpio_chip. This seems a much better place since
> > they share a common lifecycle.
>
> Maybe in this case it's indeed better.
>
> > The general concept of attaching data to the ACPI objects may also need
> > revisiting in light of the issue this patch addresses. For instance
> > i2c_acpi_remove_space_handler() is vulnerable to a similar leak due to
> > using acpi_bus_get_private_data(), which just wraps acpi_attach_data().
> > This may need a more widespread change than is addressed in this patch.
>
> But with this it sounds to me that the root cause is like you said in ACPI
> removal device code, i.e. acpi_scan_drop_device. Shouldn't that be fixed first
> to be more clever?
> Or are you stating that basically acpi_bus_get_private_data() and concept of
> the private data is weak to the point that mostly become useless?
Another Q is how does the OF case survive similar flow (DT overlay removal)?
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2024-03-13 11:26 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 3:02 [PATCH] gpiolib: acpi: Move storage of acpi_gpio_chip Hamish Martin
2024-03-13 11:21 ` Andy Shevchenko
2024-03-13 11:26 ` Andy Shevchenko [this message]
2024-03-14 1:13 ` Hamish Martin
2024-03-14 13:18 ` andriy.shevchenko
2024-03-15 0:39 ` Hamish Martin
2024-03-18 10:52 ` andriy.shevchenko
2024-04-18 19:29 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZfGNfucm2-izJBfd@smile.fi.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=brgl@bgdev.pl \
--cc=hamish.martin@alliedtelesis.co.nz \
--cc=linus.walleij@linaro.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-gpio@vger.kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=rafael@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).