Subject: Re: [PATCH] driver core: Fix use-after-free and double free on glue directory
From: Benjamin Herrenschmidt
To: Gaurav Kohli, Greg KH, Muchun Song
Cc: rafael@kernel.org, linux-kernel, zhaowuyun@wingtech.com, linux-arm-msm@vger.kernel.org
Date: Fri, 10 May 2019 09:22:14 +1000
Message-ID: <73b783e634551420dfa249816514fb31ed3487b6.camel@kernel.crashing.org>

On Thu, 2019-05-09 at 20:08 +0530, Gaurav Kohli wrote:
> Hi,
>
> Last patch will serialize the addition of child to parent directory,
> won't it affect performance.

I doubt this is a significant issue, and there's already a global lock
taken once or twice in that path, the fix is purely to make sure that
the same locked section is used both for the lookup and the addition as
the bug comes from the window in between those two operations allowing
the object to be removed after it was "found".

Cheers,
Ben.

>
> Regards
> Gaurav
>
> On 5/4/2019 9:04 PM, Greg KH wrote:
> > On Sat, May 04, 2019 at 10:47:07PM +0800, Muchun Song wrote:
> > > Benjamin Herrenschmidt wrote on Thu, May 2, 2019 at 2:25 PM:
> > > > > > The basic idea yes, the whole bool *locked is horrid though.
> > > > > > Wouldn't it work to have a get_device_parent_locked that
> > > > > > always returns with the mutex held, or just move the mutex
> > > > > > to the caller or something simpler like this ?
> > > > >
> > > > > Greg and Rafael, do you have any suggestions for this? Or you
> > > > > also agree with Ben?
> > > >
> > > > Ping guys ? This is worth fixing...
> > >
> > > I also agree with you. But Greg and Rafael seem to be high
> > > latency right now.
> >
> > It's in my list of patches to get to, sorry, hopefully will dig out
> > of that next week with the buffer that the merge window provides me.
> >
> > thanks,
> >
> > greg k-h
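
The window described in the reply above, as an added illustration that is not part of the thread or of the kernel source: a single-threaded userspace model in which a remover runs at the exact point between lookup and addition. All names (`struct glue`, `add_racy`, `add_locked`, `remover`) are hypothetical, the mutex is modelled by a flag, and the free is modelled by a `freed` marker so the stale access is reported instead of executed.

```c
/* Added userspace model; all names are hypothetical, not kernel code. */
struct glue { int children; int freed; };
static struct glue slot;   /* storage for the single glue directory */
static struct glue *dir;   /* published pointer, NULL when absent */
static int lock_held;      /* stand-in for the mutex */
static int try_lock(void) { if (lock_held) return 0; lock_held = 1; return 1; }
static void unlock(void) { lock_held = 0; }

/* Concurrent remover: tears the directory down if it has no children. */
static void remover(void) {
    if (!try_lock())
        return;            /* adder holds the lock; a real thread would wait */
    if (dir && dir->children == 0) {
        dir->freed = 1;    /* models the free; flagged, not released */
        dir = 0;
    }
    unlock();
}
static struct glue *lookup_or_create(void) {
    if (!dir) { slot.children = 0; slot.freed = 0; dir = &slot; }
    return dir;
}

/* Returns 0 on success, -1 when the parent was already torn down. */
static int add_child(struct glue *g) {
    if (g->freed) return -1;   /* in real code: a write to freed memory */
    g->children++;
    return 0;
}

/* Buggy shape: the lock covers only the lookup; window() runs in the gap. */
static int add_racy(void (*window)(void)) {
    try_lock();
    struct glue *g = lookup_or_create();
    unlock();
    window();
    return add_child(g);
}

/* Fixed shape: one locked section spans both lookup and addition. */
static int add_locked(void (*window)(void)) {
    try_lock();
    struct glue *g = lookup_or_create();
    window();
    int rc = add_child(g);
    unlock();
    return rc;
}
int main(void) { return !(add_racy(remover) == -1 && add_locked(remover) == 0); }
```

In the locked variant the remover only gets in after the child has been counted, so it sees a non-empty directory and leaves it alone.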