From: Dave Jiang <dave.jiang@intel.com>
To: Jason Gunthorpe <jgg@nvidia.com>,
Dan Williams <dan.j.williams@intel.com>
Cc: Vinod Koul <vkoul@kernel.org>, dmaengine@vger.kernel.org
Subject: Re: [PATCH v2] dmaengine: idxd: Do not use devm for 'struct device' object allocation
Date: Wed, 24 Feb 2021 11:17:55 -0700 [thread overview]
Message-ID: <e2bef74c-91fe-a0e7-c924-9bf1048eac92@intel.com> (raw)
In-Reply-To: <20210224180008.GL4247@nvidia.com>
On 2/24/2021 11:00 AM, Jason Gunthorpe wrote:
> On Wed, Feb 24, 2021 at 09:49:39AM -0800, Dan Williams wrote:
>
>>>> I'd say this is follow-on work post bug-fix for the current lifetime violation.
>>>>
>>>>> + kfree(idxd->msix_entries);
>>>>> + kfree(idxd->irq_entries);
>>>>> + kfree(idxd->int_handles);
>>>> These seem tied to the lifetime of the driver bind to the pci_device
>>>> not the conf_dev, or are those lines blurred here?
>>> Jason asked those to be not allocated by devm_* so there wouldn't be any
>>> inter-mixing of allocation methods and causing a mess.
>> Ok, it wasn't clear to me where the lines were drawn, so moving all to
>> the lowest common denominator lifetime makes sense.
> Usualy when I see things like this I ask why those are dedicated
> allocations too?
>
> It looks like msix_entries is usless, this could be a temp allocation
> during probe and the vector # stored in the irq_entries.
Ok.
>
> int_handles might like to be a flex array, not sure
>
> The other devm stuff looks questionable:
>
> rc = devm_request_threaded_irq(dev, msix->vector, idxd_irq_handler,
> idxd_misc_thread, 0, "idxd-misc",
> irq_entry);
>
> So we pass irq_entry which is not devm managed memory to the irq, but
> we don't remove the irq during the driver remove() function, so this
> could use-after free.
>
> However this is counter-acted by masking and synchronize_irq extra
> code.
>
> Looks to be a lot simpler/clearer to just skip devm and call release
> irq instead of the other stuff.
Ok, I'll add the cleanup for that as part of the removing devm_* calls.
>
> Jason
prev parent reply other threads:[~2021-02-24 18:18 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-24 15:44 [PATCH v2] dmaengine: idxd: Do not use devm for 'struct device' object allocation Dave Jiang
2021-02-24 17:07 ` Dan Williams
2021-02-24 17:32 ` Dave Jiang
2021-02-24 17:49 ` Dan Williams
2021-02-24 18:00 ` Jason Gunthorpe
2021-02-24 18:17 ` Dave Jiang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e2bef74c-91fe-a0e7-c924-9bf1048eac92@intel.com \
--to=dave.jiang@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dmaengine@vger.kernel.org \
--cc=jgg@nvidia.com \
--cc=vkoul@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).