From: Al Viro <viro@ZenIV.linux.org.uk>
To: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Dave Jones <davej@redhat.com>,
Linux Kernel <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: weird use-after-free bug in module_put
Date: Fri, 19 Oct 2012 18:09:51 +0100 [thread overview]
Message-ID: <20121019170951.GM2616@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20121019163318.GA2152@core.coreip.homeip.net>
On Fri, Oct 19, 2012 at 09:33:18AM -0700, Dmitry Torokhov wrote:
> We are now removing instance of character device corresponding to input
> device when input device disappears.
>
> Ah, I know... cdev is embedded in evdev, but lives longer.. I do want to
> keep cdev embedded as it allows me to easily get to evdev in
> evdev_open(), but I need to be able to add and then drop reference to
> evdev from cdev's ->release() method. This means I need to override it.
>
> Or I could have cdev separately allocated, but then I'd like to have a
> void pointer in "struct cdev" so I could get from it back to
> corresponding evdev.
Your real problem is that you have two kobjects embedded into the same
thing. It can work, but you need to make the secondary (one that does
*not* free in its ->release()) pin the primary. Sigh... Device model
sucks, film at 11...
next prev parent reply other threads:[~2012-10-19 17:09 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-19 14:43 weird use-after-free bug in module_put Dave Jones
2012-10-19 15:34 ` Dave Jones
2012-10-19 16:33 ` Dmitry Torokhov
2012-10-19 17:09 ` Al Viro [this message]
2012-10-19 17:36 ` Dmitry Torokhov
2012-10-19 17:50 ` Al Viro
2012-10-19 18:12 ` Dmitry Torokhov
2012-10-21 7:24 ` [PATCH 1/2] char_dev: allow setting up and pinning parent devices Dmitry Torokhov
2012-10-21 7:24 ` [PATCH 2/2] Input: fix use-after-free introduced with dynamic minor changes Dmitry Torokhov
2012-10-21 7:39 ` [PATCH 1/2] char_dev: allow setting up and pinning parent devices Al Viro
2012-10-21 8:13 ` Dmitry Torokhov
2012-10-22 0:57 ` [PATCH 1/2] char_dev: pin parent kobject Dmitry Torokhov
2012-10-22 0:57 ` [PATCH 2/2] Input: fix use-after-free introduced with dynamic minor changes Dmitry Torokhov
2012-10-22 5:02 ` [PATCH 1/2] char_dev: pin parent kobject Linus Torvalds
2012-10-22 5:42 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121019170951.GM2616@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=davej@redhat.com \
--cc=dmitry.torokhov@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.