From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88E222EB87F
	for <linux-kernel@vger.kernel.org>; Wed, 21 Jan 2026 07:56:30 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1768982190; cv=none; b=iqnNWDNZzHbxKR6YxMqWrhHTqyVZ4We8K+Q06vbYKvIGtHpz2yEUt4wtqbGKj+V9rr2ucs8510V8/5EyboFqRwrpAc3NSHX4eEwyDzXKXWhW3GMUGU0sJzEo3iv+6RouP6D5Mppj9rru15h7gcAC4of4GwrovmyE3BY6l7yhoXQ=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1768982190; c=relaxed/simple;
	bh=OAeReVbkZYNxu8ks914jYHZTLXvuMmGXWOOoDoXmGmg=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=Jlpo27IYnz9D6hiyeZtdtty1qEfFxp573f00RprPeiM7asD63aZHHdxC0O9Jfw05xfLaS71pJBXCAavnEvQqPcGQtOVAsQekHyB4dFSFJhFHTZ7SGouTbPcQzohpuWWAlnkRg4T8cEonpVpNjm2x0m50dqnTBJ5wtU79pmuGnuo=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=WMF1N9Gy; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="WMF1N9Gy"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 91EA7C16AAE;
	Wed, 21 Jan 2026 07:56:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1768982189;
	bh=OAeReVbkZYNxu8ks914jYHZTLXvuMmGXWOOoDoXmGmg=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=WMF1N9Gyr7ZTxUJtCbRR2WpW8bj5XeZRguJJz9pvEgECFusjtv+VUVnw2CwulL4m5
	 QKO/XPeVLhraBIK6PnFY6wTnYslyQnIcdkTCsSYmEz5VonH2ZlyGfxgG9xvAVU6y7m
	 WJ85bKPwxj5w/NhFD9qoKshmZXUbMExgHEaZOUc0=
Date: Wed, 21 Jan 2026 08:56:26 +0100
From: Greg KH <gregkh@linuxfoundation.org>
To: Gui-Dong Han <hanguidong02@gmail.com>
Cc: Danilo Krummrich <dakr@kernel.org>, Mark Brown <broonie@kernel.org>,
	rafael@kernel.org, linux-kernel@vger.kernel.org,
	baijiaju1990@gmail.com, Qiu-ji Chen <chenqiuji666@gmail.com>,
	Aishwarya.TCV@arm.com, Marek Szyprowski <m.szyprowski@samsung.com>
Subject: Re: [PATCH v5] driver core: enforce device_lock for
 driver_match_device()
Message-ID: <2026012133-deploy-chief-3a7f@gregkh>
References: <20260113162843.12712-1-hanguidong02@gmail.com>
 <7ae38e31-ef31-43ad-9106-7c76ea0e8596@sirena.org.uk>
 <DFTIAPA8UQS6.355627T7K99R3@kernel.org>
 <4ec6cf46-990e-489c-836e-49124034b67f@sirena.org.uk>
 <DFTMTT15FX2W.3U49GQ0UMDWJ@kernel.org>
 <47a4290a-6e5b-4648-b798-e9d967b570b4@sirena.org.uk>
 <DFTQA8QQGD2G.10F1VGDBY86LL@kernel.org>
 <DFTV8S8O9IM0.VWPAOGC0OODC@kernel.org>
 <CALbr=LbqRixCSx-EpmK=mO9CRBqS2B-wR_CDM3QLVX4-Cgc-8Q@mail.gmail.com>
 <CALbr=LYKJsj6cbrDLA07qioKhWJcRj+gW8=bq5=4ZvpEe2c4Yg@mail.gmail.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CALbr=LYKJsj6cbrDLA07qioKhWJcRj+gW8=bq5=4ZvpEe2c4Yg@mail.gmail.com>

On Wed, Jan 21, 2026 at 03:41:56PM +0800, Gui-Dong Han wrote:
> On Wed, Jan 21, 2026 at 3:18 PM Gui-Dong Han <hanguidong02@gmail.com> wrote:
> >
> > On Wed, Jan 21, 2026 at 9:11 AM Danilo Krummrich <dakr@kernel.org> wrote:
> > >
> > > On Tue Jan 20, 2026 at 10:18 PM CET, Danilo Krummrich wrote:
> > > > Anyways, this should work:
> > >
> > > I Just notied that I pasted the wrong diff, which was nonsense of course, since
> > > it just unlocks all the suppressed false positives. (Should not have sent it
> > > during a meeting. :)
> > >
> > > What I actually intended (not neat, but hopefully helps):
> >
> > Thanks for the updated diff.
> >
> > I tested it on my QEMU setup. Since I couldn't reproduce the hang
> > there, I didn't see any lockdep splats regarding the deadlock.
> > However, since the physical lock is removed, my PoCs successfully
> > triggered the UAF on both paths as expected.
> >
> > I did notice a lockdep warning during boot, which happens every time.
> > I suspect this is because faux_bus_init is an __init function, so we
> > are registering a key from memory that gets freed. This seems specific
> > to the debug code, but I'm pasting it below for reference.
> 
> I figured out the root cause.
> 
> The warning is triggered because faux_bus_root is a static object.
> lockdep_register_key() has a WARN_ON_ONCE(static_obj(key)) check that
> forbids registering keys residing in static memory. It is not about
> __init memory being freed.
> 
> Anyway, this is not a big deal and doesn't impact the testing results.

Ooh, nice catch.  Let me go make that a dynamic object.  It really
shouldn't be a static one, I hate static struct device usage, and
complain about it from everyone else.  So there's no reason I should
have used that myself :(

thanks,

greg k-h