lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191011203303.GF229325@dtor-ws>
Date:   Fri, 11 Oct 2019 13:33:03 -0700
From:   Dmitry Torokhov <dmitry.torokhov@...il.com>
To:     Benjamin Tissoires <benjamin.tissoires@...hat.com>
Cc:     Andrey Smirnov <andrew.smirnov@...il.com>,
        "open list:HID CORE LAYER" <linux-input@...r.kernel.org>,
        Jiri Kosina <jikos@...nel.org>,
        Henrik Rydberg <rydberg@...math.org>,
        Sam Bazely <sambazley@...tmail.com>,
        "Pierre-Loup A . Griffais" <pgriffais@...vesoftware.com>,
        Austin Palmer <austinp@...vesoftware.com>,
        lkml <linux-kernel@...r.kernel.org>,
        "3.8+" <stable@...r.kernel.org>
Subject: Re: [PATCH 1/3] HID: logitech-hidpp: use devres to manage FF private
 data

On Fri, Oct 11, 2019 at 09:25:52PM +0200, Benjamin Tissoires wrote:
> On Fri, Oct 11, 2019 at 8:26 PM Dmitry Torokhov
> <dmitry.torokhov@...il.com> wrote:
> >
> > On Fri, Oct 11, 2019 at 04:52:04PM +0200, Benjamin Tissoires wrote:
> > > Hi Andrey,
> > >
> > > On Mon, Oct 7, 2019 at 7:13 AM Andrey Smirnov <andrew.smirnov@...il.com> wrote:
> > > >
> > > > To simplify resource management in commit that follows as well as to
> > > > save a couple of extra kfree()s and simplify hidpp_ff_deinit() switch
> > > > driver code to use devres to manage the life-cycle of FF private data.
> > > >
> > > > Signed-off-by: Andrey Smirnov <andrew.smirnov@...il.com>
> > > > Cc: Jiri Kosina <jikos@...nel.org>
> > > > Cc: Benjamin Tissoires <benjamin.tissoires@...hat.com>
> > > > Cc: Henrik Rydberg <rydberg@...math.org>
> > > > Cc: Sam Bazely <sambazley@...tmail.com>
> > > > Cc: Pierre-Loup A. Griffais <pgriffais@...vesoftware.com>
> > > > Cc: Austin Palmer <austinp@...vesoftware.com>
> > > > Cc: linux-input@...r.kernel.org
> > > > Cc: linux-kernel@...r.kernel.org
> > > > Cc: stable@...r.kernel.org
> > >
> > > This patch doesn't seem to fix any error, is there a reason to send it
> > > to stable? (besides as a dependency of the rest of the series).
> > >
> > > > ---
> > > >  drivers/hid/hid-logitech-hidpp.c | 53 +++++++++++++++++---------------
> > > >  1 file changed, 29 insertions(+), 24 deletions(-)
> > > >
> > > > diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c
> > > > index 0179f7ed77e5..58eb928224e5 100644
> > > > --- a/drivers/hid/hid-logitech-hidpp.c
> > > > +++ b/drivers/hid/hid-logitech-hidpp.c
> > > > @@ -2079,6 +2079,11 @@ static void hidpp_ff_destroy(struct ff_device *ff)
> > > >         struct hidpp_ff_private_data *data = ff->private;
> > > >
> > > >         kfree(data->effect_ids);
> > >
> > > Is there any reasons we can not also devm alloc data->effect_ids?
> > >
> > > > +       /*
> > > > +        * Set private to NULL to prevent input_ff_destroy() from
> > > > +        * freeing our devres allocated memory
> > >
> > > Ouch. There is something wrong here: input_ff_destroy() calls
> > > kfree(ff->private), when the data has not been allocated by
> > > input_ff_create(). This seems to lack a little bit of symmetry.
> >
> > Yeah, ff and ff-memless essentially take over the private data assigned
> > to them. They were done before devm and the lifetime of the "private"
> > data pieces was tied to the lifetime of the input device to simplify
> > error handling and teardown.
> 
> Yeah, that stealing of the pointer is not good :)
> But OTOH, it helps
> 
> >
> > Maybe we should clean it up a bit... I'm open to suggestions.
> 
> The problem I had when doing the review was that there is no easy way
> to have a "devm_input_ff_create_()", because the way it's built is
> already "devres-compatible": the destroy gets called by input core.

I do not think we want devm_input_ff_create() explicitly, I think the
fact that you can "build up" an input device by allocating it, then
adding slots, poller, ff support, etc, and input core cleans it up is
all good. It is just the ownership if the driver-private data block is
not very obvious and is not compatible with allocating via devm.

> 
> So I don't have a good answer to simplify in a transparent manner
> without breaking the API.
> 
> >
> > In this case maybe best way is to get rid of hidpp_ff_destroy() and not
> > set ff->private and rely on devm to free the buffers. One can get to
> > device private data from ff methods via input_get_drvdata() since they
> > all (except destroy) are passed input device pointer.
> 
> Sounds like a good idea. However, it seems there might be a race when
> removing the workqueue:
> the workqueue gets deleted in hidpp_remove, when the input node will
> be freed by devres, so after the call of hidpp_remove.

Yeah, well, that is a common issue with mixing devm and normal resources
(and workqueue here is that "normal" resource), and we should either:

- not use devm
- use devm_add_action_or_reset() to work in custom actions that work
  freeing of non-managed resources into devm flow.

Thanks.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ