From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751994AbbCLAyY (ORCPT <rfc822;w@1wt.eu>);
	Wed, 11 Mar 2015 20:54:24 -0400
Received: from SpacedOut.fries.net ([67.64.210.234]:39430 "EHLO
	SpacedOut.fries.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751334AbbCLAyW (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 11 Mar 2015 20:54:22 -0400
Date: Wed, 11 Mar 2015 19:54:09 -0500
From: David Fries <david@fries.net>
To: Evgeniy Polyakov <zbr@ioremap.net>
Cc: Thorsten Bschorr <thorsten@bschorr.de>,
        Jonathan ALIBERT <jonathan.alibert@gmail.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Avoid null-pointer access in w1/slaves/w1_therm
Message-ID: <20150312005408.GD23778@spacedout.fries.net>
References: <20150228201737.GU6151@spacedout.fries.net>
 <369891425174502@web4m.yandex.ru>
 <20150301021744.GW6151@spacedout.fries.net>
 <CA+1k2cGtXOZeEPsLtvfowe7XBskXDYgVM-GKUTacYi47971ffw@mail.gmail.com>
 <20150302001713.GA6151@spacedout.fries.net>
 <4333121425483401@web21m.yandex.ru>
 <20150308211449.GG11991@spacedout.fries.net>
 <CA+1k2cGkx91a5_bjmkg1Z72MS0muNKJL66EGvYk0vPNGDB6QGA@mail.gmail.com>
 <20150309230924.GJ11991@spacedout.fries.net>
 <2663771425995520@web30h.yandex.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2663771425995520@web30h.yandex.ru>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.5.11 (SpacedOut.fries.net [127.0.0.1]); Wed, 11 Mar 2015 19:54:12 -0500 (CDT)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 10, 2015 at 04:52:00PM +0300, Evgeniy Polyakov wrote:
> Hi
> 
> 10.03.2015, 02:09, "David Fries" <david@fries.net>:
> 
> > diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
> > index 1f11a20..39a9e6a 100644
> > --- a/drivers/w1/slaves/w1_therm.c
> > +++ b/drivers/w1/slaves/w1_therm.c
> > @@ -59,9 +59,20 @@ MODULE_ALIAS("w1-family-" __stringify(W1_THERM_DS28EA00));
> >  static int w1_strong_pullup = 1;
> >  module_param_named(strong_pullup, w1_strong_pullup, int, 0);
> >
> > +struct w1_therm_family_data {
> > + uint8_t rom[9];
> > + struct mutex lock;
> > +};
> 
> This approach will not scale to other w1 families, I would rather prefer solutions on w1 level,
> not in particular drivers. What if we drop slave reference counter at all in favor of automatic sysfs device management?

I looked and didn't see any of the other slaves dropping the lock and
being in this situation, but that doesn't mean they won't in the
future.  Personally I'm just using netlink and don't plan on using any
of the slave drivers.

Would that be removing all four refcnt, w1_slave, w1_master,
w1_family, w1_cb_block, or just some of them?  It sounds good to me,
if that had bugs there would be much more than just the w1 system
relying on it.  I don't know enough about that system or have the time
to code up that change.

I can take another look at and post the reference counting w1_therm
fix instead of the mutex version as a near term work around until that
is available if you want.

-- 
David Fries <david@fries.net>    PGP pub CB1EE8F0
http://fries.net/~david/