Date: Mon, 13 Apr 2026 13:25:07 +0300
From: Dan Carpenter
To: Alexandru Hossu
Cc: linux-tegra@vger.kernel.org, marvin24@gmx.de, gregkh@linuxfoundation.org, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 4/5] staging: nvec: fix pm_power_off teardown in tegra_nvec_remove()
In-Reply-To: <69dcbf4a.050a0220.1d6d81.c4df@mx.google.com>

On Mon, Apr 13, 2026 at 03:02:50AM -0700, Alexandru Hossu wrote:
> On Mon, Apr 13, 2026, Dan Carpenter wrote:
> > At this point, we're unloading the driver so nvec_power_handle is
> > about to be freed. Is there any benefit to setting it to NULL?
>
> nvec_power_off() dereferences nvec_power_handle to send the power-off
> command to the EC. If pm_power_off somehow gets reassigned to
> nvec_power_off after our driver unloads (e.g. by a re-probe), the stale
> nvec_power_handle would point to freed memory.

I like to believe it's impossible to reprobe a driver before the rmmod
has completed. I'm not going to check on this, I'm just going to take
it on faith. :P

>
> Setting it to NULL makes the potential failure mode explicit rather than
> a silent use-after-free. Since we are already inside the if() guard,
> the cost is a single pointer store.

So the bug here is that we're racing an rmmod against a poweroff and we
trigger a bug. And the fix is to change the use after free bug into a
NULL dereference. Both of rmmod and poweroff are privileged operations
so you kind of get what you deserve if you do that.

I understand that it costs nothing to do the nvec_power_handle = NULL;
and if this were a new driver, I wouldn't comment on it. (Although I
know other people who would). But for a new patch, I'm just not sold on
this. It makes the patch more confusing for no benefit.

regards,
dan carpenter
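
Added example, not part of the message above and not code from the nvec driver or the patch: a user-space C model of the outcomes the thread argues about, comparing a poweroff issued after teardown with one that read the hook before teardown cleared it. Only the names pm_power_off, nvec_power_off and nvec_power_handle come from the thread; the form of the guard, the struct and the `alive` flag standing in for freed memory are assumptions.

```c
/* Constructed user-space model, not nvec driver code. */
#include <stddef.h>

/* NULL_DEREF: a kernel would oops; STALE_DEREF: silent use-after-free. */
enum outcome { NOT_REACHED, NULL_DEREF, STALE_DEREF, POWERED_OFF };
struct nvec_chip { int alive; };            /* alive == 0 models freed memory */

static void (*pm_power_off)(void);          /* system-wide poweroff hook */
static struct nvec_chip *nvec_power_handle; /* state the handler dereferences */
static enum outcome last;

static void nvec_power_off(void)
{
	struct nvec_chip *h = nvec_power_handle;
	last = !h ? NULL_DEREF : h->alive ? POWERED_OFF : STALE_DEREF;
}

/* Teardown: guarded hook reset (assumed form), optional NULL store, free. */
static void model_remove(struct nvec_chip *nvec, int null_handle)
{
	if (pm_power_off == nvec_power_off) {
		pm_power_off = NULL;
		if (null_handle)
			nvec_power_handle = NULL;
	}
	nvec->alive = 0;                        /* stands in for the free */
}

/* raced != 0: the poweroff path read the hook before remove cleared it. */
static enum outcome poweroff_model(int raced, int null_handle)
{
	static struct nvec_chip chip;
	void (*hook)(void);
	chip.alive = 1;                         /* probe */
	nvec_power_handle = &chip;
	pm_power_off = nvec_power_off;
	hook = pm_power_off;                    /* early read (raced caller) */
	model_remove(&chip, null_handle);
	if (!raced)
		hook = pm_power_off;            /* ordinary caller reads it after */
	last = NOT_REACHED;
	if (hook)
		hook();
	return last;
}

int main(void)
{
	return !(poweroff_model(1, 0) == STALE_DEREF && poweroff_model(1, 1) == NULL_DEREF);
}
```

In this model the handler is never reached once the hook has been cleared, with or without the NULL store; the store changes the result only for the caller that read the hook early.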