On Wed, Nov 01, 2023 at 07:36:27PM +0200, Jos? Pekkarinen wrote:
> Hinted by syzboot, there is a few cases where the sysfs power group may
> not be there, like the failure while adding it, or adding its runtime
> group, or when the sysfs firmware loader fallback fail to populate. In
> the last case, the device_del function will be called leading to attempt
> to remove the sysfs group. This patch will lookup for it in advance to
> grant that it is effectively there before cleaning it up.
>
> Reported-by: [email protected]
>
> Signed-off-by: Jos? Pekkarinen <[email protected]>
> ---
> drivers/base/power/sysfs.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
> index a1474fb67db9..6601729c4698 100644
> --- a/drivers/base/power/sysfs.c
> +++ b/drivers/base/power/sysfs.c
> @@ -834,5 +834,7 @@ void dpm_sysfs_remove(struct device *dev)
> dev_pm_qos_constraints_destroy(dev);
> rpm_sysfs_remove(dev);
> sysfs_unmerge_group(&dev->kobj, &pm_wakeup_attr_group);
> - sysfs_remove_group(&dev->kobj, &pm_attr_group);
> +
> + if (kernfs_find_and_get((&dev->kobj)->sd, pm_attr_group.name))
> + sysfs_remove_group(&dev->kobj, &pm_attr_group);
What's to keep it from going away right after finding it?
In other words, what is wrong with removing a group that is not there?
What error happens? It should be fine, or are you seeing real code
failures somewhere?
Also, I think you just leaked a reference count here, how was this
tested?
thanks,
greg k-h
On 2023-11-01 19:54, Greg KH wrote:
> On Wed, Nov 01, 2023 at 07:36:27PM +0200, José Pekkarinen wrote:
>> Hinted by syzboot, there is a few cases where the sysfs power group
>> may
>> not be there, like the failure while adding it, or adding its runtime
>> group, or when the sysfs firmware loader fallback fail to populate. In
>> the last case, the device_del function will be called leading to
>> attempt
>> to remove the sysfs group. This patch will lookup for it in advance to
>> grant that it is effectively there before cleaning it up.
>>
>> Reported-by: [email protected]
>>
>> Signed-off-by: José Pekkarinen <[email protected]>
>> ---
>> drivers/base/power/sysfs.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
>> index a1474fb67db9..6601729c4698 100644
>> --- a/drivers/base/power/sysfs.c
>> +++ b/drivers/base/power/sysfs.c
>> @@ -834,5 +834,7 @@ void dpm_sysfs_remove(struct device *dev)
>> dev_pm_qos_constraints_destroy(dev);
>> rpm_sysfs_remove(dev);
>> sysfs_unmerge_group(&dev->kobj, &pm_wakeup_attr_group);
>> - sysfs_remove_group(&dev->kobj, &pm_attr_group);
>> +
>> + if (kernfs_find_and_get((&dev->kobj)->sd, pm_attr_group.name))
>> + sysfs_remove_group(&dev->kobj, &pm_attr_group);
>
> What's to keep it from going away right after finding it?
>
> In other words, what is wrong with removing a group that is not there?
> What error happens? It should be fine, or are you seeing real code
> failures somewhere?
No, this is just hitting a warning that sysbot complains about by
setting panic on warning, no big deal, though it can be a wrong
behaviour
in ueagle-atm driver, since it defines to disconnect the device if the
firmware is not there, no matter the sysfs fallback.
> Also, I think you just leaked a reference count here, how was this
> tested?
Both by setting up a local vm following syzkaller instructions and
using the syzkaller itself to test it. You can take a look in the link
if you feel like it.
José.
On Fri, Nov 03, 2023 at 07:49:39PM +0200, Jos? Pekkarinen wrote:
> On 2023-11-01 19:54, Greg KH wrote:
> > On Wed, Nov 01, 2023 at 07:36:27PM +0200, Jos? Pekkarinen wrote:
> > > Hinted by syzboot, there is a few cases where the sysfs power group
> > > may
> > > not be there, like the failure while adding it, or adding its runtime
> > > group, or when the sysfs firmware loader fallback fail to populate. In
> > > the last case, the device_del function will be called leading to
> > > attempt
> > > to remove the sysfs group. This patch will lookup for it in advance to
> > > grant that it is effectively there before cleaning it up.
> > >
> > > Reported-by: [email protected]
> > >
> > > Signed-off-by: Jos? Pekkarinen <[email protected]>
> > > ---
> > > drivers/base/power/sysfs.c | 4 +++-
> > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
> > > index a1474fb67db9..6601729c4698 100644
> > > --- a/drivers/base/power/sysfs.c
> > > +++ b/drivers/base/power/sysfs.c
> > > @@ -834,5 +834,7 @@ void dpm_sysfs_remove(struct device *dev)
> > > dev_pm_qos_constraints_destroy(dev);
> > > rpm_sysfs_remove(dev);
> > > sysfs_unmerge_group(&dev->kobj, &pm_wakeup_attr_group);
> > > - sysfs_remove_group(&dev->kobj, &pm_attr_group);
> > > +
> > > + if (kernfs_find_and_get((&dev->kobj)->sd, pm_attr_group.name))
> > > + sysfs_remove_group(&dev->kobj, &pm_attr_group);
> >
> > What's to keep it from going away right after finding it?
> >
> > In other words, what is wrong with removing a group that is not there?
> > What error happens? It should be fine, or are you seeing real code
> > failures somewhere?
>
> No, this is just hitting a warning that sysbot complains about by
> setting panic on warning, no big deal, though it can be a wrong behaviour
> in ueagle-atm driver, since it defines to disconnect the device if the
> firmware is not there, no matter the sysfs fallback.
Then fix the driver please.
And what warning are you seeing exactly?
thanks,
greg k-h