2022-03-31 05:13:50

by Bumwoo Lee

Subject: [PATCH] extcon: modify extcon device to be created after driver data is set

Currently, someone can invoke the sysfs such as state_show()
intermittently before set_drvdata() is done.
And it can be a cause of a kernel Oops because edev is NULL at that time.
So modified the driver registration to happen after setting driver data.

- Oops's backtrace.

Backtrace:
[<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
[<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
[<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
[<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
[<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
[<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
[<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read)
[<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read)
[<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read)
[<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)

Signed-off-by: bumwoo lee <[email protected]>
---
drivers/extcon/extcon.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index d27cd9f88f86..74fee04bd764 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1224,18 +1224,13 @@ int extcon_dev_register(struct extcon_dev *edev)
edev->dev.type = &edev->extcon_dev_type;
}

- ret = device_register(&edev->dev);
- if (ret) {
- put_device(&edev->dev);
- goto err_dev;
- }
+ device_initialize(&edev->dev);

spin_lock_init(&edev->lock);
edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
sizeof(*edev->nh), GFP_KERNEL);
if (!edev->nh) {
ret = -ENOMEM;
- device_unregister(&edev->dev);
goto err_dev;
}

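Review bot: the devm_kcalloc(&edev->dev, ...) call in this hunk now runs on a device that has only been through device_initialize(), and the -ENOMEM branch no longer undoes anything itself, so the unwind depends entirely on the put_device() that the second hunk adds under err_dev. Please say in a comment or in the commit message that the devres allocation is expected to be released when that last reference is dropped, and confirm that no earlier `goto err_dev` outside the lines shown can now reach put_device() before device_initialize() has run.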
@@ -1251,9 +1246,14 @@ int extcon_dev_register(struct extcon_dev *edev)
list_add(&edev->entry, &extcon_dev_list);
mutex_unlock(&extcon_dev_list_lock);

+ ret = device_add(&edev->dev);
+ if (ret)
+ goto err_dev;
+
return 0;

err_dev:
+ put_device(&edev->dev);
if (edev->max_supported)
kfree(edev->extcon_dev_type.groups);
err_alloc_groups:
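Review bot: a list_del() is missing on the new device_add() failure path. list_add(&edev->entry, &extcon_dev_list) has already run when `goto err_dev` is taken, so a failed registration leaves edev linked on extcon_dev_list after the caller has been told it failed. Remove the entry under extcon_dev_list_lock before jumping, or move the list_add() to after a successful device_add(). Separately, err_dev now calls put_device() before reading edev->max_supported and freeing extcon_dev_type.groups; if the release callback for edev->dev can free edev, those accesses should come first.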
--
2.32.0


2022-04-27 03:54:27

by Bumwoo Lee

Subject: RE: [PATCH] extcon: modify extcon device to be created after driver data is set

Hi Chanwoo.

Thank you for your review.

Actually, I thought the same thing as you first.
However, it was a problem because dev->devres_lock was not initialized and devm_kcalloc was used, and this patch was created instead of using kcalloc instead of devm_kcalloc.

In your opinion, if I use kcalloc instead of devm_kcalloc, there will be no problem.
But, I think the code of the following part should be supplemented.

1. Allocate edev->nh when edev->max_supported is non-zero.
@@ -1224,19 +1224,14 @@ int extcon_dev_register(struct extcon_dev *edev)
+ if (edev->max_supported) {
+ edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh),
+ GFP_KERNEL);
+ if (!edev->nh) {
+ ret = -ENOMEM;
+ goto err_alloc_nh;
+ }
}
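Review bot: the new if (edev->max_supported) guard around kcalloc() leaves edev->nh untouched when max_supported is zero, so the error label and every kfree(edev->nh) site have to use the same condition or rely on edev->nh having been zero-initialised. The resend should also show the err_alloc_nh label, since this fragment jumps to it without defining it.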
2. Free edev->nh when the device is unregistered.
@@ -1314,6 +1318,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
if (edev->max_supported) {
kfree(edev->extcon_dev_type.groups);
kfree(edev->cables);
+ kfree(edev->nh);
}

I will re-raise commit after testing.
Please let me know if you have any additional concerns.

Best Regards,
Bumwoo Lee.
-----Original Message-----
From: Chanwoo Choi <[email protected]>
Sent: Wednesday, April 27, 2022 2:09 AM
To: bumwoo lee <[email protected]>; MyungJoo Ham <[email protected]>; Chanwoo Choi <[email protected]>; [email protected]
Subject: Re: [PATCH] extcon: modify extcon device to be created after driver data is set

Hi Bumwoo,

Firstly, I'm sorry for the late reply.

On 22. 3. 31. 12:03, bumwoo lee wrote:
> Currently, someone can invoke the sysfs such as state_show()
> intermittently before set_drvdata() is done.
> And it can be a cause of a kernel Oops because edev is NULL at that time.
> So modified the driver registration to happen after setting driver data.
>
> - Oops's backtrace.
>
> Backtrace:
> [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
> [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
> [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
> [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
> [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
> [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
> [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read) [<c0231e34>]
> (vfs_read) from [<c0232464>] (ksys_read) [<c02323f0>] (ksys_read) from
> [<c02324fc>] (sys_read) [<c02324e4>] (sys_read) from [<c00091d0>]
> (__sys_trace_return)
>
> Signed-off-by: bumwoo lee <[email protected]>
> ---
> drivers/extcon/extcon.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c index
> d27cd9f88f86..74fee04bd764 100644
> --- a/drivers/extcon/extcon.c
> +++ b/drivers/extcon/extcon.c
> @@ -1224,18 +1224,13 @@ int extcon_dev_register(struct extcon_dev *edev)
> edev->dev.type = &edev->extcon_dev_type;
> }
>
> - ret = device_register(&edev->dev);
> - if (ret) {
> - put_device(&edev->dev);
> - goto err_dev;
> - }
> + device_initialize(&edev->dev);
>
> spin_lock_init(&edev->lock);
> edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
> sizeof(*edev->nh), GFP_KERNEL);

Actually, I'm not sure that it is proper to use 'edev->dev'
with devm_kcalloc before device_add. When an error happens between device_initialize and device_add, I think that it is not properly handled, such as freeing the allocated memory automatically.

> if (!edev->nh) {
> ret = -ENOMEM;
> - device_unregister(&edev->dev);
> goto err_dev;
> }
>
> @@ -1251,9 +1246,14 @@ int extcon_dev_register(struct extcon_dev *edev)
> list_add(&edev->entry, &extcon_dev_list);
> mutex_unlock(&extcon_dev_list_lock);
>
> + ret = device_add(&edev->dev);
> + if (ret)
> + goto err_dev;

In this case, the entry needs to be deleted from extcon_dev_list by using list_del.

> +
> return 0;
>
> err_dev:
> + put_device(&edev->dev);
> if (edev->max_supported)
> kfree(edev->extcon_dev_type.groups);
> err_alloc_groups:


I recommend moving the device_register() position to after dev_set_drvdata.
And then use kcalloc instead of devm_kcalloc as follows:


diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c index d27cd9f88f86..80e5bfec1131 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1224,19 +1224,11 @@ int extcon_dev_register(struct extcon_dev *edev)
edev->dev.type = &edev->extcon_dev_type;
}

- ret = device_register(&edev->dev);
- if (ret) {
- put_device(&edev->dev);
- goto err_dev;
- }
-
spin_lock_init(&edev->lock);
- edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
- sizeof(*edev->nh), GFP_KERNEL);
+ edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh),
GFP_KERNEL);
if (!edev->nh) {
ret = -ENOMEM;
- device_unregister(&edev->dev);
- goto err_dev;
+ goto err_alloc_nh;
}

for (index = 0; index < edev->max_supported; index++) @@ -1247,6 +1239,12 @@ int extcon_dev_register(struct extcon_dev *edev)
dev_set_drvdata(&edev->dev, edev);
edev->state = 0;

+ ret = device_register(&edev->dev);
+ if (ret) {
+ put_device(&edev->dev);
+ goto err_dev;
+ }
+
mutex_lock(&extcon_dev_list_lock);
list_add(&edev->entry, &extcon_dev_list);
mutex_unlock(&extcon_dev_list_lock);
@@ -1254,6 +1252,9 @@ int extcon_dev_register(struct extcon_dev *edev)
return 0;

err_dev:
+ if (edev->max_supported)
+ kfree(edev->nh);
+err_alloc_nh:
if (edev->max_supported)
kfree(edev->extcon_dev_type.groups);
err_alloc_groups:
@@ -1314,6 +1315,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
if (edev->max_supported) {
kfree(edev->extcon_dev_type.groups);
kfree(edev->cables);
+ kfree(edev->nh);
}

put_device(&edev->dev);



--
Best Regards,
Samsung Electronics
Chanwoo Choi

2022-04-27 11:35:29

by Chanwoo Choi

Subject: Re: [PATCH] extcon: modify extcon device to be created after driver data is set

Hi Bumwoo,

Firstly, I'm sorry for the late reply.

On 22. 3. 31. 12:03, bumwoo lee wrote:
> Currently, someone can invoke the sysfs such as state_show()
> intermittently before set_drvdata() is done.
> And it can be a cause of a kernel Oops because edev is NULL at that time.
> So modified the driver registration to happen after setting driver data.
>
> - Oops's backtrace.
>
> Backtrace:
> [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
> [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
> [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
> [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
> [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
> [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
> [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read)
> [<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read)
> [<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read)
> [<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)
>
> Signed-off-by: bumwoo lee <[email protected]>
> ---
> drivers/extcon/extcon.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
> index d27cd9f88f86..74fee04bd764 100644
> --- a/drivers/extcon/extcon.c
> +++ b/drivers/extcon/extcon.c
> @@ -1224,18 +1224,13 @@ int extcon_dev_register(struct extcon_dev *edev)
> edev->dev.type = &edev->extcon_dev_type;
> }
>
> - ret = device_register(&edev->dev);
> - if (ret) {
> - put_device(&edev->dev);
> - goto err_dev;
> - }
> + device_initialize(&edev->dev);
>
> spin_lock_init(&edev->lock);
> edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
> sizeof(*edev->nh), GFP_KERNEL);

Actually, I'm not sure that it is proper to use 'edev->dev'
with devm_kcalloc before device_add. When an error happens
between device_initialize and device_add, I think that
it is not properly handled, such as freeing the allocated memory
automatically.

> if (!edev->nh) {
> ret = -ENOMEM;
> - device_unregister(&edev->dev);
> goto err_dev;
> }
>
> @@ -1251,9 +1246,14 @@ int extcon_dev_register(struct extcon_dev *edev)
> list_add(&edev->entry, &extcon_dev_list);
> mutex_unlock(&extcon_dev_list_lock);
>
> + ret = device_add(&edev->dev);
> + if (ret)
> + goto err_dev;

In this case, the entry needs to be deleted from extcon_dev_list
by using list_del.

> +
> return 0;
>
> err_dev:
> + put_device(&edev->dev);
> if (edev->max_supported)
> kfree(edev->extcon_dev_type.groups);
> err_alloc_groups:


I recommend moving the device_register() position to after dev_set_drvdata.
And then use kcalloc instead of devm_kcalloc as follows:


diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index d27cd9f88f86..80e5bfec1131 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1224,19 +1224,11 @@ int extcon_dev_register(struct extcon_dev *edev)
edev->dev.type = &edev->extcon_dev_type;
}

- ret = device_register(&edev->dev);
- if (ret) {
- put_device(&edev->dev);
- goto err_dev;
- }
-
spin_lock_init(&edev->lock);
- edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
- sizeof(*edev->nh), GFP_KERNEL);
+ edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh),
GFP_KERNEL);
if (!edev->nh) {
ret = -ENOMEM;
- device_unregister(&edev->dev);
- goto err_dev;
+ goto err_alloc_nh;
}

for (index = 0; index < edev->max_supported; index++)
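Review bot: this hunk will not apply as posted. The added kcalloc() line ends at `sizeof(*edev->nh),` and its continuation `GFP_KERNEL);` is shown as an unchanged context line, but the removed devm_kcalloc() lines have `GFP_KERNEL);` on the same line as `sizeof(*edev->nh),`, so no such context line exists in the file. The continuation needs to be a `+` line; the 19/11 line counts in the hunk header only add up that way.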
@@ -1247,6 +1239,12 @@ int extcon_dev_register(struct extcon_dev *edev)
dev_set_drvdata(&edev->dev, edev);
edev->state = 0;

+ ret = device_register(&edev->dev);
+ if (ret) {
+ put_device(&edev->dev);
+ goto err_dev;
+ }
+
mutex_lock(&extcon_dev_list_lock);
list_add(&edev->entry, &extcon_dev_list);
mutex_unlock(&extcon_dev_list_lock);
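Review bot: on device_register() failure this hunk calls put_device(&edev->dev) and then jumps to err_dev, where the next hunk reads edev->max_supported and frees edev->nh; if dropping that reference can release edev, the frees should happen before put_device(). A short comment above device_register() saying it must stay after dev_set_drvdata() would also help, since that ordering is the fix and is easy to undo in a later cleanup.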
@@ -1254,6 +1252,9 @@ int extcon_dev_register(struct extcon_dev *edev)
return 0;

err_dev:
+ if (edev->max_supported)
+ kfree(edev->nh);
+err_alloc_nh:
if (edev->max_supported)
kfree(edev->extcon_dev_type.groups);
err_alloc_groups:
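Review bot: the if (edev->max_supported) guard in front of the new kfree(edev->nh) is not needed and does not mirror the allocation, because kcalloc() in the first hunk is called unconditionally and kfree() accepts a NULL pointer. Calling kfree(edev->nh) unconditionally here and in extcon_dev_unregister() keeps allocation and release symmetric.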
@@ -1314,6 +1315,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
if (edev->max_supported) {
kfree(edev->extcon_dev_type.groups);
kfree(edev->cables);
+ kfree(edev->nh);
}

put_device(&edev->dev);



--
Best Regards,
Samsung Electronics
Chanwoo Choi