Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp3557354iog; Tue, 21 Jun 2022 00:50:24 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vxlxlc2waT5nCrYvm5wSQTQx+x1RxXH/o7uf02ilcnCfU89B5uQXLkrO9ZKObpbEWaLqt1 X-Received: by 2002:a17:902:930c:b0:167:8960:2c39 with SMTP id bc12-20020a170902930c00b0016789602c39mr27735037plb.33.1655797823761; Tue, 21 Jun 2022 00:50:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655797823; cv=none; d=google.com; s=arc-20160816; b=oPWHVwDnUm+66sIyljSlGyADENtSB1PqRdYaaFCZRHpf5GktCqcKFjKN1oTM9MhB23 zWgs8+OslSX5XvgJ9FstELTs8vLD3AtuMDY7rO/WY3UqfXR3L0ZVNhWxW+WyLaAw0fNj losLZl6VgcByeiXq72YCKf39oBxadF6BIuE1fak3daayYXW7uE/GDqKJvEn7HWFCi95t IibYvm5JFmyA9zcRf6mWLvez8j/MW/FrIn4G9qcWEdbR6s4Qo21j0DgoDJk6L8p7PJkg bNRQhnu1know1Tbpq419rn2dK4rBe3ZBhTtUhPS8o7/jbaDQ4GjexOE1OZTF/UX6xrvj j1nw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=nk+fdQE93FqPegDOLztKBITezax/oNzcyKzefYaORp8=; b=GfD20oitzW4m12/M/9yBt6LK9KJOlJqLEFvzqAg7xfWBRWgHIILcOGiWhiquoP+4wL eGM5To5XsFDKVSMHtXNrnKHIPS5rygsRhqabLcL9lIZaiE0tolmjpYZrfBT8CD0cQNe2 mJeDOzVw/CfxwLYo/SZ6EFVEMWq9KKsOa0omjMKIqVFcb7rpSRS9XpsQ3oqQk8tpJL/J yxyrSRfV7Xla8PGf1QVGZEW3rtvkJoz0gOgykPxE/VxXbDhdlWurcnMipHDdhp18Judk UzrJjMhdVfN209Wq/QPmWiNOy9klP3DwsuoVb4re8bF5MOKw0ERSX7XI4M6mFXUKLnX3 w49Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fg3yA65Y; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j5-20020a654d45000000b003816043f10bsi19361728pgt.768.2022.06.21.00.50.00; Tue, 21 Jun 2022 00:50:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fg3yA65Y; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344023AbiFUHjQ (ORCPT + 99 others); Tue, 21 Jun 2022 03:39:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38780 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347196AbiFUHiR (ORCPT ); Tue, 21 Jun 2022 03:38:17 -0400 Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B1B7E5FB0 for ; Tue, 21 Jun 2022 00:38:15 -0700 (PDT) Received: by mail-pj1-x1035.google.com with SMTP id g10-20020a17090a708a00b001ea8aadd42bso12549143pjk.0 for ; Tue, 21 Jun 2022 00:38:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=nk+fdQE93FqPegDOLztKBITezax/oNzcyKzefYaORp8=; b=fg3yA65YsHeVetLshPkg44ZoS0+r4kYz2gK82/9ZhWuhbuhVCG8b1IdASjgMLW9F8P wo5ttxvpAXD/hkkxsxLIM3+CBiBChOIsQ3RNAzLUsbHjSWRRQ1JoPJeddxJmPypYwIDm uLgUOck8sGg5x8fOxEN70TWDH9gWl9Wbnv+6R/mh1fTzZBKh+XeoxxFhRJgG5PZUK9DW nqfEtw30mbezb6SjSdTry30MQ96gE3J2Hddk1ntmpTBAhiKYHRFYBolJEKTxUXGTeuu/ YfE/BdyNZZwSOCsxvcz1u38p0OwiwbgnrM79Hvr5UZyx3obezETo8+t91kh276rwrnYH KUvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=nk+fdQE93FqPegDOLztKBITezax/oNzcyKzefYaORp8=; b=3eTrGZEWMG/q/4vf9kBK34Lbkpw0XqSwxj1tYXDw/8RErs7fGBDBdBEtRJ+JURqMep Vw92I/Jl6OC+CQFzzVQ9xZ59s/Fh/ypC/dOHbXh/1gq85Qti+P6KRhoak+9+Vp0lRhMR w0saxhZH5gGHj8F3gD/dH0rojwxUxVJWe+8tsr+hhSjB0ZkzO4NxyYpU2ez7bpUFGzP5 lO56+VcjdhR07rcM2F1AQFmdjAXhLGoHCKKSWRkeUeNLbKWlPgeND2e+LvgFhfp/3rZ0 02yoaFx484SStI2aeELc6IF+/Wwm5ly0Cay5z871IlcbVYIdImHu+H6+QY9r5wLahlhx E7rA== X-Gm-Message-State: AJIora9FAi9x2Cd3sUvPxU3O+3DaIjR8PefSDlNB4rO5vpZEsalAjFRE ilJmDC9Q5dQukDc8JBUgBuJdKaeEt3vx2sv1 X-Received: by 2002:a17:902:728d:b0:168:d0cf:2246 with SMTP id d13-20020a170902728d00b00168d0cf2246mr27711694pll.74.1655797095238; Tue, 21 Jun 2022 00:38:15 -0700 (PDT) Received: from [10.97.0.6] ([199.101.192.33]) by smtp.gmail.com with ESMTPSA id z4-20020a17090a66c400b001e345c579d5sm9463008pjl.26.2022.06.21.00.38.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 21 Jun 2022 00:38:14 -0700 (PDT) Subject: Re: [PATCH] uacce: fix concurrency of fops_open and uacce_remove To: Greg Kroah-Hartman , Jean-Philippe Brucker Cc: Arnd Bergmann , Herbert Xu , Wangzhou , Jonathan Cameron , linux-accelerators@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org, Yang Shen References: <20220610123423.27496-1-zhangfei.gao@linaro.org> From: Zhangfei Gao Message-ID: Date: Tue, 21 Jun 2022 15:37:31 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 2022/6/20 下午9:36, Greg Kroah-Hartman wrote: > On Mon, Jun 20, 2022 at 02:24:31PM +0100, Jean-Philippe Brucker wrote: >> On Fri, Jun 17, 2022 at 02:05:21PM +0800, Zhangfei Gao wrote: >>>> The refcount only ensures that the uacce_device object is not freed as >>>> long as there are open fds. But uacce_remove() can run while there are >>>> open fds, or fds in the process of being opened. And atfer uacce_remove() >>>> runs, the uacce_device object still exists but is mostly unusable. For >>>> example once the module is freed, uacce->ops is not valid anymore. But >>>> currently uacce_fops_open() may dereference the ops in this case: >>>> >>>> uacce_fops_open() >>>> if (!uacce->parent->driver) >>>> /* Still valid, keep going */ >>>> ... rmmod >>>> uacce_remove() >>>> ... free_module() >>>> uacce->ops->get_queue() /* BUG */ >>> uacce_remove should wait for uacce->queues_lock, until fops_open release the >>> lock. >>> If open happen just after the uacce_remove: unlock, uacce_bind_queue in open >>> should fail. >> Ah yes sorry, I lost sight of what this patch was adding. But we could >> have the same issue with the patch, just in a different order, no? >> >> uacce_fops_open() >> uacce = xa_load() >> ... rmmod > Um, how is rmmod called if the file descriptor is open? > > That should not be possible if the owner of the file descriptor is > properly set. Please fix that up. Thanks Greg Set cdev owner or use module_get/put can block rmmod once fops_open. -       uacce->cdev->owner = THIS_MODULE; +       uacce->cdev->owner = uacce->parent->driver->owner; However, still not find good method to block removing parent pci device. $ echo 1 > /sys/bus/pci/devices/0000:00:02.0/remove & [   32.563350]  uacce_remove+0x6c/0x148 [   32.563353]  hisi_qm_uninit+0x12c/0x178 [   32.563356]  hisi_zip_remove+0xa0/0xd0 [hisi_zip] [   32.563361]  pci_device_remove+0x44/0xd8 [   32.563364]  device_remove+0x54/0x88 [   32.563367]  device_release_driver_internal+0xec/0x1a0 [   32.563370]  device_release_driver+0x20/0x30 [   32.563372]  pci_stop_bus_device+0x8c/0xe0 [   32.563375]  pci_stop_and_remove_bus_device_locked+0x28/0x60 [   32.563378]  remove_store+0x9c/0xb0 [   32.563379]  dev_attr_store+0x20/0x38 mutex_lock(&dev->device_lock) can be used, which used in device_release_driver_internal. Or use internal mutex. Thanks