Re: [PATCH] of: Rework and simplify phandle cache to use a fixed size

[Rob Herring <robh@kernel.org>]

On Thu, Dec 12, 2019 at 7:05 AM Sebastian Andrzej Siewior
<bigeasy@linutronix.de> wrote:
>
> On 2019-12-11 17:48:54 [-0600], Rob Herring wrote:
> > > -       if (phandle_cache) {
> > > -               if (phandle_cache[masked_handle] &&
> > > -                   handle == phandle_cache[masked_handle]->phandle)
> > > -                       np = phandle_cache[masked_handle];
> > > -               if (np && of_node_check_flag(np, OF_DETACHED)) {
> > > -                       WARN_ON(1); /* did not uncache np on node removal */
> > > -                       of_node_put(np);
> > > -                       phandle_cache[masked_handle] = NULL;
> > > -                       np = NULL;
> > > -               }
> > > +       if (phandle_cache[handle_hash] &&
> > > +           handle == phandle_cache[handle_hash]->phandle)
> > > +               np = phandle_cache[handle_hash];
> > > +       if (np && of_node_check_flag(np, OF_DETACHED)) {
> > > +               WARN_ON(1); /* did not uncache np on node removal */
> >
> > BTW, I don't think this check is even valid. If we failed to detach
> > and remove the node from the cache, then we could be accessing np
> > after freeing it.
>
> this is kmalloc()ed memory which is always valid. If the memory is
> already re-used then
>         handle == phandle_cache[handle_hash]->phandle
>
> will fail (the check, not the memory access itself).

There's a 1 in 2^32 chance it won't.

> If the check
> remains valid then you can hope for the OF_DETACHED flag to trigger the
> warning.

Keyword is hope.

To look at it another way. Do we need this check? It is in the "fast
path". There's a single location where we set OF_DETACHED and the
cache entry is removed at the same time. Also, if we do free the
node's memory, it also checks for OF_DETACHED. Previously, a free
wouldn't happen because we incremented the ref count on nodes in the
cache.

Rob