Received: by 10.223.164.202 with SMTP id h10csp552006wrb; Thu, 9 Nov 2017 10:25:02 -0800 (PST) X-Google-Smtp-Source: ABhQp+TpQ9lFugXoDT3mrl2fZZkHkXz+TeQIEHvqRNJGSRhIdXGlD50rQxoCpxCzBhoN7geU45xh X-Received: by 10.98.58.199 with SMTP id v68mr1399580pfj.44.1510251902844; Thu, 09 Nov 2017 10:25:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510251902; cv=none; d=google.com; s=arc-20160816; b=DuRLCg2bRqaeKfL6pq3ERuLcZC4rdBZrJWLqgAPqjOhkTauCLZ/iErZdmep5vPF2KK OYCmQLTmWfs1DTc4q5B5CLORgu4Kvj6232uezovkwt+ij0dXAFpFO2Zi8vsZbtJ16od4 Lx8xQKwrIhbQBBpLyUm/JYecaRC6vRAlveybp06LtD32VFYa/sT7nYnkxX6bZ3bIZ07a MdWLS3qh+hsprH5IZupg7/CToaJunc7+WhXS6cDuei7Ed1lt/JCid2iNeR+bYjGt5qRr tcriMF0p/h8ZxXXeu/n40r7c0j39dYlG2Gye8XN8rD3A0HqvB4DmUKxaFpua9ROovQ+G HWmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:arc-authentication-results; bh=5qXW1ebdnG7WrNtKxv8na0wOT3e9ykMyDyRYV3hG6iY=; b=Q4q+579xkhwuMHjO1l/YF4fj3lYVzIE6WpFkVOTpYusqMNYerJjORQlKrqERQrQbkj yU3Ji6GeJP2kNPOlxXBBHpog9YgovCssSAEtV/svSoEnRop2sS2Y2Bh1MT7ykURiQEzj GO/0Y+VOoZ8OIgS8mC+V2zP48YOE3DmcG4Z+hcwqQqihxlWBrVJuowMe/VJ+RsP55P/x 6HXOdWN2aMrskImLo1EU23OdAFVNvaeHS+6Vnn4SUbRYUkqmM9BRkaMd93kU1+Rc8jGN wCllBTWgSoLdM4sE0VkBle+Y4pkZvTCy5VTDVj214TtZPjVythiLy1OuyFPm5XdtsSF8 oneQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h192si2760920pgc.152.2017.11.09.10.24.50; Thu, 09 Nov 2017 10:25:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752867AbdKISYO (ORCPT + 82 others); Thu, 9 Nov 2017 13:24:14 -0500 Received: from mail.savoirfairelinux.com ([208.88.110.44]:47508 "EHLO mail.savoirfairelinux.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751012AbdKISYN (ORCPT ); Thu, 9 Nov 2017 13:24:13 -0500 Received: from localhost (localhost [127.0.0.1]) by mail.savoirfairelinux.com (Postfix) with ESMTP id 01BDD9C2A35; Thu, 9 Nov 2017 13:24:12 -0500 (EST) Received: from mail.savoirfairelinux.com ([127.0.0.1]) by localhost (mail.savoirfairelinux.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id ea_PoeLXx0Vx; Thu, 9 Nov 2017 13:24:10 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by mail.savoirfairelinux.com (Postfix) with ESMTP id 65E589C2CF2; Thu, 9 Nov 2017 13:24:10 -0500 (EST) X-Virus-Scanned: amavisd-new at mail.savoirfairelinux.com Received: from mail.savoirfairelinux.com ([127.0.0.1]) by localhost (mail.savoirfairelinux.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id mjdM-ACrW4vv; Thu, 9 Nov 2017 13:24:10 -0500 (EST) Received: from localhost (unknown [192.168.49.192]) by mail.savoirfairelinux.com (Postfix) with ESMTPSA id 17E019C2A35; Thu, 9 Nov 2017 13:24:10 -0500 (EST) From: Vivien Didelot To: Andrew Lunn Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@savoirfairelinux.com, "David S. Miller" , Florian Fainelli , Stephen Rothwell , lkp@01.org Subject: Re: [PATCH net-next] net: dsa: remove tree refcount In-Reply-To: <20171109181015.GH13277@lunn.ch> References: <20171109173652.25258-1-vivien.didelot@savoirfairelinux.com> <20171109181015.GH13277@lunn.ch> Date: Thu, 09 Nov 2017 13:24:09 -0500 Message-ID: <87tvy3b99y.fsf@weeman.i-did-not-set--mail-host-address--so-tickle-me> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Andrew, Andrew Lunn writes: > On Thu, Nov 09, 2017 at 12:36:52PM -0500, Vivien Didelot wrote: >> Setting the refcount to 0 when allocating a tree to match the number of >> switch devices it holds may cause an 'increment on 0; use-after-free'. >> >> Tracking the number of devices in a tree with a kref is not really >> appropriate anyway so removes it completely in favor of a basic counter. > > How are you protecting this basic counter? switches can come and go at > random, modules are loaded and unloaded, probing can happen in > parallel, probes can fail with EPROBE_DEFFER causing a switch to > unregister itself while others are registering themselves, etc. As for the kref, the counter is protected by dsa2_mutex which locks switch registration, nothing changed. > The point of using a kref is that it is a well known kernel method of > safely handling this situation. When the last member of the tree goes > away, we safely and atomically remove the tree. It worked well for a > few years, until you refactored it. Maybe the correct solution is to > revert your change? The kref doesn't add any value here and make the code more complex. If you prefer to keep it, a simple alternative can be provided to init the refcount to 1 at initialization and decrement it after registration: diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c index fd54a8e17986..1fb8beb66493 100644 --- a/net/dsa/dsa2.c +++ b/net/dsa/dsa2.c @@ -51,9 +51,7 @@ static struct dsa_switch_tree *dsa_tree_alloc(int index) INIT_LIST_HEAD(&dst->list); list_add_tail(&dsa_tree_list, &dst->list); - /* Initialize the reference counter to the number of switches, not 1 */ kref_init(&dst->refcount); - refcount_set(&dst->refcount.refcount, 0); return dst; } @@ -69,7 +67,9 @@ static struct dsa_switch_tree *dsa_tree_touch(int index) struct dsa_switch_tree *dst; dst = dsa_tree_find(index); - if (!dst) + if (dst) + dsa_tree_get(dst); + else dst = dsa_tree_alloc(index); return dst; @@ -765,6 +765,8 @@ int dsa_register_switch(struct dsa_switch *ds) mutex_lock(&dsa2_mutex); err = dsa_switch_probe(ds); + if (ds->dst) + dsa_tree_put(ds->dst); mutex_unlock(&dsa2_mutex); return err; Getting rid of the refcount seems simpler, but we can use this alternative instead. Let me know what you prefer. Thanks, Vivien From 1583613030590422141@xxx Thu Nov 09 18:11:14 +0000 2017 X-GM-THRID: 1583611025398699103 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread