On Tue, Sep 14, 2021 at 10:01 AM Sasha Levin <sashal@xxxxxxxxxx> wrote:
>
> On Tue, Sep 14, 2021 at 08:42:04AM -0700, Dan Williams wrote:
> >On Mon, Sep 13, 2021 at 3:33 PM Sasha Levin <sashal@xxxxxxxxxx> wrote:
> >>
> >> From: Dan Williams <dan.j.williams@xxxxxxxxx>
> >>
> >> [ Upstream commit 9cc238c7a526dba9ee8c210fa2828886fc65db66 ]
> >>
> >> In preparation for moving cxl_memdev allocation to the core, introduce
> >> cdevm_file_operations to coordinate file operations shutdown relative to
> >> driver data release.
> >>
> >> The motivation for moving cxl_memdev allocation to the core (beyond
> >> better file organization of sysfs attributes in core/ and drivers in
> >> cxl/), is that device lifetime is longer than module lifetime. The cxl_pci
> >> module should be free to come and go without needing to coordinate with
> >> devices that need the text associated with cxl_memdev_release() to stay
> >> resident. The move will fix a use after free bug when looping driver
> >> load / unload with CONFIG_DEBUG_KOBJECT_RELEASE=y.
> >>
> >> Another motivation for passing in file_operations to the core cxl_memdev
> >> creation flow is to allow for alternate drivers, like unit test code, to
> >> define their own ioctl backends.
> >
> >Hi Sasha,
> >
> >Please drop this. It's not a fix, it's just a reorganization for
> >easing the addition of new features and capabilities.
>
> I'll drop it, but just to satisfy my curiosity: the description says it
> fixes a use-after-free bug in the existing code, is it not the case?

It does fix a problem if the final put_device() happens after the module
text has been unloaded. However, I am only aware of the artificial trigger
for that (CONFIG_DEBUG_KOBJECT_RELEASE=y). I.e. if
CONFIG_DEBUG_KOBJECT_RELEASE=n I am not aware of any agent that will hold a
device reference besides the driver itself. That was the rationale for not
tagging this for -stable.