From: Thomas Gleixner <tglx@linutronix.de>
To: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: linux-kernel@vger.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>,
Marc Zyngier <marc.zyngier@arm.com>,
Linus Walleij <linus.walleij@linaro.org>
Subject: Re: [PATCH 2/2] genirq: proc: fix a procfs entry leak
Date: Fri, 25 Aug 2023 19:08:29 +0200 [thread overview]
Message-ID: <87sf87aw36.ffs@tglx> (raw)
In-Reply-To: <CAMRc=MdYteOxy87jdSEvBxnN7tx_J1X2aSsRzKZ6WKL31-ipmA@mail.gmail.com>
On Fri, Aug 25 2023 at 13:01, Bartosz Golaszewski wrote:
> On Fri, Aug 25, 2023 at 10:11 AM Thomas Gleixner <tglx@linutronix.de> wrote:
>> On Fri, Aug 25 2023 at 00:36, brgl@bgdev.pl wrote:
>> > On Thu, 24 Aug 2023 22:12:41 +0200, Thomas Gleixner <tglx@linutronix.de> said:
>> > Here a GPIO device - that is also an irq chip - is unbound (this is a testing
>> > module unbound during a test-case but it can be anything else, like an I2C
>> > expander for which the driver is unloaded) while some users called
>> > request_irq() on its interrupts (this is orthogonal to gpiod_get() and doesn't
>> > take a reference to the module, so nothing is stopping us from
>> > unloading it)
>>
>> You just described the real problem in this sentence. So why are you
>> trying to cure a symptom?
>
> Honestly I'm not following. Even if we did have a way of taking the
> reference to the underlying GPIO module (I'm 99% percent sure, it's
> not possible: we're not using any of the GPIO interfaces for that,
The point is that something frees an in-use interrupt descriptor, which
is obviously wrong to begin with.
Now you go and cure the symptom of a stale procfs file, but as I said
before this is the least of the worries.
Care to look at what free_irq() does and you might figure out why this
stale file is just an easy to observe symptom, but obviously not the
real problem.
This leaves an activated interrupt around with stale pointers to the
descriptor. The interrupt could be on the flight. The associated thread
could be running. There can be resources claimed via request_irq() which
will not be freed either. There can be management operations on the
interrupt in parallel.
A driver which successfully requests an interrupt can rightfully expect
that any management operation on the interrupt, e.g. disable(),
enable(), set_*() is valid until the point it invokes free_irq().
IOW, the descriptor including the associated interrupt chips (software
representation) in the hierarchy must be at least in a consistent state
and accessible. If the underlying hardware vanished, e.g. USB
disconnect, then still the software side must be intact. Of course an
disable_irq() won't reach the hardware anymore, but that's something the
relevant driver has to handle correctly.
So just claiming that it's fine to free in-use interrupts and everything
is greate by removing the procfs entries is just wishful thinking.
You simply cannot free an in-use interrupt descriptor and I'm going to
add a big fat warning into that code to that effect.
So if it turns out that this is a general problem, then we have to sit
down and solve it from ground up.
Thanks,
tglx
next prev parent reply other threads:[~2023-08-25 17:09 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-14 9:36 [PATCH 0/2] genirq: don't leak handler procfs entries Bartosz Golaszewski
2023-08-14 9:36 ` [PATCH 1/2] genirq: proc: drop unused argument from unregister_handler_proc() Bartosz Golaszewski
2023-08-14 9:36 ` [PATCH 2/2] genirq: proc: fix a procfs entry leak Bartosz Golaszewski
2023-08-24 20:12 ` Thomas Gleixner
2023-08-25 7:36 ` brgl
2023-08-25 8:11 ` Thomas Gleixner
2023-08-25 11:01 ` Bartosz Golaszewski
2023-08-25 14:58 ` Thomas Gleixner
2023-08-25 17:08 ` Thomas Gleixner [this message]
2023-08-25 20:07 ` Bartosz Golaszewski
2023-08-26 15:08 ` Thomas Gleixner
2023-08-28 10:06 ` Bartosz Golaszewski
2023-08-28 12:41 ` Thomas Gleixner
2023-08-28 19:03 ` Bartosz Golaszewski
2023-08-28 21:44 ` Thomas Gleixner
2023-08-29 6:26 ` Bartosz Golaszewski
2023-08-29 9:11 ` Thomas Gleixner
2023-08-29 12:24 ` Bartosz Golaszewski
2023-08-29 20:18 ` Greg Kroah-Hartman
2023-08-29 22:29 ` Thomas Gleixner
2023-09-06 14:54 ` Bartosz Golaszewski
2023-09-12 18:16 ` Thomas Gleixner
2023-09-15 19:50 ` Bartosz Golaszewski
2023-11-13 20:53 ` Bartosz Golaszewski
2023-11-14 12:27 ` Greg Kroah-Hartman
2023-11-14 13:25 ` Linus Walleij
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sf87aw36.ffs@tglx \
--to=tglx@linutronix.de \
--cc=bartosz.golaszewski@linaro.org \
--cc=brgl@bgdev.pl \
--cc=linus.walleij@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox