[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54BD62B5.7050205@metafoo.de>
Date: Mon, 19 Jan 2015 21:01:57 +0100
From: Lars-Peter Clausen <lars@...afoo.de>
To: Wolfram Sang <wsa@...-dreams.de>
CC: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linuxppc-dev@...ts.ozlabs.org, linux-mips@...ux-mips.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jean Delvare <jdelvare@...e.de>,
Julia Lawall <julia.lawall@...6.fr>,
Pantelis Antoniou <pantelis.antoniou@...sulko.com>
Subject: Re: [PATCH] i2c: drop ancient protection against sysfs refcounting
issues
On 01/19/2015 07:55 PM, Wolfram Sang wrote:
[...]
>
> Let's get rid of this code before really nobody knows/understands
> anymore what this was for and if it has a subtle use.
Getting rid of this is the right thing, cause it's just not how it should be
done, but unfortunately it is not as simple as this. The problem is that the
adapter is typically embedded in the parent device's state struct. This state
struct is typically freed directly after calling i2c_del_adapter(). If there is
still something holding a reference to the adapter this will result in a use
after free. To do this properly i2c_add_adapter() needs to be changed to
i2c_alloc_adapter() that returns a pointer to a newly allocated adapter.
i2c_free_adapter() will then only drop a reference to the adapter, but not free
any memory. Once the last reference has been removed the memory can then be
freed in the release callback.
The other issue is as long as something has a reference to the adapter they can
run operations on the adapter. So freeing the adapter also has to make sure
that any further operations that are performed on the adapter do no longer call
into the device specific ops, but rather returns -ENODEV, or similar.
- Lars
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists