Re: [PATCH v5 1/5] counter: Internalize sysfs interface code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Oct 20, 2020 at 10:38:43AM -0500, David Lechner wrote:
> On 10/18/20 9:49 AM, William Breathitt Gray wrote:
> > On Mon, Oct 12, 2020 at 09:15:00PM -0500, David Lechner wrote:
> >> On 9/26/20 9:18 PM, William Breathitt Gray wrote:
> >>> diff --git a/drivers/counter/counter-core.c b/drivers/counter/counter-core.c
> >>> new file mode 100644
> >>> index 000000000000..987c6e8277eb
> >>> --- /dev/null
> >>> +++ b/drivers/counter/counter-core.c
> >>
> >>
> >>> +/**
> >>> + * counter_register - register Counter to the system
> >>> + * @counter:	pointer to Counter to register
> >>> + *
> >>> + * This function registers a Counter to the system. A sysfs "counter" directory
> >>> + * will be created and populated with sysfs attributes correlating with the
> >>> + * Counter Signals, Synapses, and Counts respectively.
> >>> + */
> >>> +int counter_register(struct counter_device *const counter)
> >>> +{
> >>> +	struct device *const dev = &counter->dev;
> >>> +	int err;
> >>> +
> >>> +	/* Acquire unique ID */
> >>> +	counter->id = ida_simple_get(&counter_ida, 0, 0, GFP_KERNEL);
> >>> +	if (counter->id < 0)
> >>> +		return counter->id;
> >>> +
> >>> +	/* Configure device structure for Counter */
> >>> +	dev->type = &counter_device_type;
> >>> +	dev->bus = &counter_bus_type;
> >>> +	if (counter->parent) {
> >>> +		dev->parent = counter->parent;
> >>> +		dev->of_node = counter->parent->of_node;
> >>> +	}
> >>> +	dev_set_name(dev, "counter%d", counter->id);
> >>> +	device_initialize(dev);> +	dev_set_drvdata(dev, counter);
> >>> +
> >>> +	/* Add Counter sysfs attributes */
> >>> +	err = counter_sysfs_add(counter);
> >>> +	if (err)
> >>> +		goto err_free_id;
> >>> +
> >>> +	/* Add device to system */
> >>> +	err = device_add(dev);
> >>> +	if (err) {
> >>> +		put_device(dev);
> >>> +		goto err_free_id;
> >>> +	}
> >>> +
> >>> +	return 0;
> >>> +
> >>> +err_free_id:
> >>> +	/* get_device/put_device combo used to free managed resources */
> >>> +	get_device(dev);
> >>> +	put_device(dev);
> >>
> >> I've never seen this in a driver before, so it makes me think this is
> >> not the "right way" to do this. After device_initialize() is called, we
> >> already should have a reference to dev, so only device_put() is needed.
> > 
> > I do admit this feels very hacky, but I'm not sure how to handle this
> > more elegantly. The problem is that device_initialize() is not enough by
> > itself -- it just initializes the structure, while device_add()
> > increments the reference count via a call to get_device().
> 
> add_device() also releases this reference by calling put_device() in all
> return paths. The reference count is initialized to 1 in device_initialize().
> 
> device_initialize > kobject_init > kobject_init_internal > kref_init

You're right, I completely overlooked this: kref_init() initializes the
reference count to 1. Therefore, the get_device() call is incorrect and
should be be removed.

> > 
> > So let's assume counter_sysfs_add() fails and we go to err_free_id
> > before device_add() is called; if we ignore get_device(), the reference
> > count will be 0 at this point. We then call put_device(), which calls
> > kobject_put(), kref_put(), and eventually refcount_dec_and_test().
> > 
> > The refcount_dec_and_test() function returns 0 at this point because the
> > reference count can't be decremented further (refcount is already 0), so
> > release() is never called and we end up leaking all the memory we
> > allocated in counter_sysfs_add().
> > 
> > Is my logic correct here?
> 
> Not quite. I think you missed a few things I mentioned above. So we never
> have a ref count of 0 until the very last call to put_device().

Ack.

William Breathitt Gray

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Input]     [Linux Kernel]     [Linux SCSI]     [X.org]

  Powered by Linux