Re: [PATCH v1 1/1] gpio: mockup: Convert to use software nodes

Andy Shevchenko <andy.shevchenko@xxxxxxxxx> · Tue, 5 Oct 2021 12:30:51 +0300

On Tue, Oct 5, 2021 at 12:28 PM Kent Gibson <warthog618@xxxxxxxxx> wrote:
>
> On Tue, Oct 05, 2021 at 12:10:16PM +0300, Andy Shevchenko wrote:
> > The gpio-mockup driver creates a properties that are shared between
> > platform and GPIO devices. Because of that, the properties may not
> > be removed at the proper point of time without provoking use-after-free
> > as shown in the backtrace:
> >
> >   refcount_t: underflow; use-after-free.
> >   WARNING: CPU: 0 PID: 103 at lib/refcount.c:28 refcount_warn_saturate+0xd1/0x120
> >   ...
> >   Call Trace:
> >   kobject_put+0xdc/0xf0
> >   software_node_notify_remove+0xa8/0xc0
> >   device_del+0x15a/0x3e0
> >
> > That's why the driver has to manage lifetime of the software nodes by itself.
> >
> > The problem originates by the old device_add_properties() API, but has been
> > only revealed after the commit 5aeb05b27f81 ("software node: balance refcount
> > for managed software nodes"). Hence, it's used as landmark for the backporting.
> >
> > Fixes: 5aeb05b27f81 ("software node: balance refcount for managed software nodes")
>
> Shouldn't that be:
> Fixes: bd1e336aa853 ("driver core: platform: Remove platform_device_add_properties()")

I think you are right. I thought that it happened during the last rc-week.

> > Reported-by: Kent Gibson <warthog618@xxxxxxxxx>
> > Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
>
> Other than that, looks good and works for me.
>
> Tested-by: Kent Gibson <warthog618@xxxxxxxxx>

Thanks!

-- 
With Best Regards,
Andy Shevchenko