Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2531941yba; Sun, 28 Apr 2019 03:11:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqxDmPGPn+X/UdJmypcNSZ0sKBJcJ6lRN2mft5E49+s4dmJ0SfrG7stLb+DknHsABaqlKgqk X-Received: by 2002:a63:1e12:: with SMTP id e18mr22320696pge.87.1556446298507; Sun, 28 Apr 2019 03:11:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556446298; cv=none; d=google.com; s=arc-20160816; b=U0pAdKUigmGTo71PSJDxMNhChSyYToHx8oiTKcZ3PHJlFky38YgY0HvYSD/bOpTyZl 2VvR2F1UtRYI9d+9rqRFf/uMpC6WSqXxNq3B33qFcsqxQ/b4QVptbN4OTE/lRbcQgsXJ 5iUqb7uQOFms2H//wyjd4s2c4MtzhQgUfDPqPCHyJFyfl3GQYT9WxPuZbe4ZwKoVkj54 PD6Y6g1p3LS8490G0YS4qPWcY9ZNkqKPqXutzATGWkdJS/Trh0e21hEvOye3U1y5q073 x9GIuBVdUOeFk7vUv9v6hugPLfe9vD3vF+4qUg7fbilgONAU/gENnqQnoOQbz/52kyhl uZaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=1bXN0eeDDGsp+BksR1RqC5WMJVyqdI0+IerLHc4Z/pk=; b=ukADhAx379AzxS4y6lxGEDHzw3bB6CECYRGwyscn5rjUdS5LoUEzfLFHniTXWLzmDG J6NCvflP/11x30YBUJ8Fh+9CeUIX4jEOfx0Qn2KCe4RkT6h0Cz3BMXK7S66gtnwvnU5t hRbodJqUwY2+HlwfXmHBYKiaj1z6mLTTz3K12+jnw4fXo+y1VIVp6jXWflSdW3cZCMpm lHLB36idy4Ey5piVo6KvDqF0A28aYS7JR+Gor04iTrf7rGogPAlPeSQ6FVXzg1J48ubW aAqwjoaybkjZsci/XHbuBcCnQkTqDgXr2hubLXebx8CXB9rjTSBVffu2uTMitKZ1Yp99 lgIA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r3si17948832plb.312.2019.04.28.03.11.21; Sun, 28 Apr 2019 03:11:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726480AbfD1KK3 (ORCPT + 99 others); Sun, 28 Apr 2019 06:10:29 -0400 Received: from gate.crashing.org ([63.228.1.57]:56902 "EHLO gate.crashing.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726344AbfD1KK3 (ORCPT ); Sun, 28 Apr 2019 06:10:29 -0400 Received: from localhost (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.14.1) with ESMTP id x3SAAJxT002276; Sun, 28 Apr 2019 05:10:20 -0500 Message-ID: Subject: Re: [PATCH] driver core: Fix use-after-free and double free on glue directory From: Benjamin Herrenschmidt To: Muchun Song Cc: gregkh@linuxfoundation.org, rafael@kernel.org, linux-kernel , zhaowuyun@wingtech.com Date: Sun, 28 Apr 2019 13:10:19 +0300 In-Reply-To: References: <20190423143258.96706-1-smuchun@gmail.com> <24b0fff3775147c04b006282727d94fea7f408b4.camel@kernel.crashing.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2019-04-25 at 23:44 +0800, Muchun Song wrote: > I agree with you that the looking up of the glue dir and creation of its child > should be protected by the same lock of gdp_mutex. So, do you agree with > the fix of the following code snippet? The basic idea yes, the whole bool *locked is horrid though. Wouldn't it work to have a get_device_parent_locked that always returns with the mutex held, or just move the mutex to the caller or something simpler like this ? Ben.