Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp10727439rwl; Thu, 12 Jan 2023 01:34:26 -0800 (PST) X-Google-Smtp-Source: AMrXdXvDLWF1KAflMMHXbT72Wng3krC5r4xxNJKPQrM8ORNeVI+BRADEwKkCCE9HtCMpoHW+olMd X-Received: by 2002:a17:90a:17e6:b0:229:8c:9e30 with SMTP id q93-20020a17090a17e600b00229008c9e30mr1930198pja.25.1673516066650; Thu, 12 Jan 2023 01:34:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673516066; cv=none; d=google.com; s=arc-20160816; b=FVntcxqJTnafYvMwvSA/D17UFMuD1v0uux8w8J44l9V2G0uoxNOWTuAwHp9GyP0Y3S QXa331R0U5eotPMwQBCo1pmYDvZVR5jNmAlZx45NYutF7TqfojwF2O5uF3bzP02jYNvb 7yXMY46mAtNJQaO34SwLhqry9zPrhNhA7q31jJm/xE75TxJmjJVmO2buKhQWQQUiyTf6 K3u/laEQHt6Wrar6rMJSfQLewwcAf0NU3ZeJ3Zd3jrOxzov6rN5kHIMO8kBSml8JkAh2 bwMNIQtV0oKJbxcmi83+upnyWHCG28s/hxbMRxjllMPHfWRGK6VC58UicBEw4Ar7zAt9 2Agw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=N5Gv/lkMhRvVTTzKOnvOJgbWmrD30nth3OhwfwhuF0c=; b=XFQt69cm0vgPgSlGLcDLhHNCJ8Ai73BSfudFLHV+QYtTwpmzYYYreutXnHDzCqCm03 OwuWO2sj5ijEh+GM/L8jgvH4mWjVnOiKl4X5bNLCM1DtVLTeKUxJhvQa63wxNdFUA7xZ qXN2wbN6Pw9hP4o/WzCXnxx0uFLU8gSoa2HYdRO3h4tkh0ysZZyo7LQC0QtZOO1SAV/a tUkGZxrflYAznleYdfTV97nYd6RQDhtlmNgCHXe6oZ6M1WqsovykWvLLjGWStntT6PiE ISH0v6YrZEmRrqIEZ2qATzBbUrqL+btQ571fDstCQvyPbhLJVWuRRY9BxHEfml3yR3tM PqTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@bgdev-pl.20210112.gappssmtp.com header.s=20210112 header.b=rgyOuGyI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y190-20020a638ac7000000b004b40f8fb6d7si9641911pgd.380.2023.01.12.01.34.19; Thu, 12 Jan 2023 01:34:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@bgdev-pl.20210112.gappssmtp.com header.s=20210112 header.b=rgyOuGyI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239987AbjALJGq (ORCPT + 52 others); Thu, 12 Jan 2023 04:06:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239927AbjALJGN (ORCPT ); Thu, 12 Jan 2023 04:06:13 -0500 Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1CA78E097 for ; Thu, 12 Jan 2023 01:01:12 -0800 (PST) Received: by mail-vs1-xe36.google.com with SMTP id o63so18365008vsc.10 for ; Thu, 12 Jan 2023 01:01:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bgdev-pl.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=N5Gv/lkMhRvVTTzKOnvOJgbWmrD30nth3OhwfwhuF0c=; b=rgyOuGyIKW8ztIWxndMNGNuxo2ku5Up56NMfudn60ePDqw4IWf9z8QhQGGfe8stiNf k7u6I5JyOE0W/rGj1Rr4uw3B9xIg9V0helQJ2queK/+SSwphzXnuKEcESlVQgFEdiAsD TFy6+O3nrWght+Nyz+lowkLFaGmIcnzQ0O2WcRCnpLX8QQXnye8FCU3I1ZwkA7Zb7Jj3 nqo+WSGU0xfHPxP+JE+cPpQ8r8hvunUPbybetXaxd2XTmeOtMSwfA8FfL95reG6G8X1o FGfEeBCWguiHezJDFgiID4GjtkkIZn2wPzw9mbELn7SdOLMvl1u+ZD4Yuo/7uR1nQkRh TOMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=N5Gv/lkMhRvVTTzKOnvOJgbWmrD30nth3OhwfwhuF0c=; b=bZsVm9RLcYebCoR3unxMx6U5KRQkn896JRuvZLTdyciRnM+cRa/G07WLPH2ZtF08Uz zjppMZpE20nzVIqNlAiFJhBvBTTxQOG2X14+tNgeOpPkoC43+nOJFaC827lbbxhoEFlz vi+jb2P0xbdF7zaBT5s2BfBnijlrGixpmGPwhj3Q6m3DSxfYO4BTxmoSK9H3PZmHzpQX ydJaA1r6fTnhTfqyzSaqehycz6SovUV8upOkmOBjEkOF8Ekb45ODUrPWQRwJFl9QuB5i tkldV7nb41vHyTf0wl/9CmPY74ehYmNTgpPPzkgstFv1Z+f8t4s4iEeNkQtJYykWFPgA dhAw== X-Gm-Message-State: AFqh2kpOZTaPv+TavELszRwhfoD87gital0LiCQB5+Xu/Uk9B9e9FW6u J4EycKhkkF/DdH6d35OHMrjRxOhsiE5KavLs1kdA8w== X-Received: by 2002:a67:df8c:0:b0:3c5:1ac1:bf38 with SMTP id x12-20020a67df8c000000b003c51ac1bf38mr10977120vsk.78.1673514071171; Thu, 12 Jan 2023 01:01:11 -0800 (PST) MIME-Version: 1.0 References: <20221229160045.535778-1-brgl@bgdev.pl> In-Reply-To: <20221229160045.535778-1-brgl@bgdev.pl> From: Bartosz Golaszewski Date: Thu, 12 Jan 2023 10:01:00 +0100 Message-ID: Subject: Re: [PATCH v2 0/2] i2c: fortify the subsystem against user-space induced deadlocks To: Wolfram Sang Cc: linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org, Bartosz Golaszewski Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 29, 2022 at 5:00 PM Bartosz Golaszewski wrote: > > From: Bartosz Golaszewski > > Several subsystems in the kernel that export device files to user-space > suffer from a bug where keeping an open file descriptor associated with > this device file, unbinding the device from its driver and then calling > any of the supported system calls on that file descriptor will result in > either a crash or - as is the case with i2c - a deadlock. > > This behavior has been blamed on extensive usage of device resource > management interfaces but it seems that devres has nothing to do with it, > the problem would be the same whether using devres or freeing resources > in .remove() that should survive the driver detach. > > Many subsystems already deal with this by implementing some kind of flags > in the character device data together with locking preventing the > user-space from dropping the subsystem data from under the open device. > > In i2c the deadlock comes from the fact that the function unregistering > the adapter waits for a completion which will not be passed until all > references to the character device are dropped. > > The first patch in this series is just a tweak of return values of the > notifier callback. The second addresses the deadlock problem in a way > similar to how we fixed this issue in the GPIO subystem. Details are in > the commit message. > > v1 -> v2: > - keep the device release callback and use it to free the IDR number > - rebase on top of v6.2-rc1 > > Bartosz Golaszewski (2): > i2c: dev: fix notifier return values > i2c: dev: don't allow user-space to deadlock the kernel > > drivers/i2c/i2c-core-base.c | 26 ++------- > drivers/i2c/i2c-dev.c | 112 +++++++++++++++++++++++++++++------- > include/linux/i2c.h | 2 - > 3 files changed, 96 insertions(+), 44 deletions(-) > > -- > 2.37.2 > Hi Wolfram, It's been two weeks without any comments on this series and over a month since v1 so let me send a gentle ping on this. Bart