[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <161661971651.1721612.7457823773061754064.stgit@dwillia2-desk3.amr.corp.intel.com>
Date: Wed, 24 Mar 2021 14:01:56 -0700
From: Dan Williams <dan.j.williams@...el.com>
To: linux-cxl@...r.kernel.org
Cc: Jason Gunthorpe <jgg@...dia.com>, ira.weiny@...el.com,
vishal.l.verma@...el.com, alison.schofield@...el.com,
linux-kernel@...r.kernel.org
Subject: [PATCH 2/4] cxl/mem: Fix cdev_device_add() error handling
If cdev_device_add() fails then the allocation performed by
dev_set_name() is leaked. Use put_device(), not open coded release, for
device_add() failures.
The comment is obsolete because direct err_id failures need not worry
about the device being live.
The release method expects the percpu_ref is already dead, so
percpu_ref_kill() is needed before put_device(). However, given that the
cdev was partially live wait_for_completion() also belongs in the
release method.
Fixes: b39cb1052a5c ("cxl/mem: Register CXL memX devices")
Reported-by: Jason Gunthorpe <jgg@...dia.com>
Signed-off-by: Dan Williams <dan.j.williams@...el.com>
---
drivers/cxl/mem.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/drivers/cxl/mem.c b/drivers/cxl/mem.c
index 30bf4f0f3c17..e53d573ae4ab 100644
--- a/drivers/cxl/mem.c
+++ b/drivers/cxl/mem.c
@@ -1049,6 +1049,7 @@ static void cxl_memdev_release(struct device *dev)
{
struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
+ wait_for_completion(&cxlmd->ops_dead);
percpu_ref_exit(&cxlmd->ops_active);
ida_free(&cxl_memdev_ida, cxlmd->id);
kfree(cxlmd);
@@ -1157,7 +1158,6 @@ static void cxlmdev_unregister(void *_cxlmd)
percpu_ref_kill(&cxlmd->ops_active);
cdev_device_del(&cxlmd->cdev, dev);
- wait_for_completion(&cxlmd->ops_dead);
cxlmd->cxlm = NULL;
put_device(dev);
}
@@ -1210,20 +1210,16 @@ static int cxl_mem_add_memdev(struct cxl_mem *cxlm)
cdev_init(cdev, &cxl_memdev_fops);
rc = cdev_device_add(cdev, dev);
- if (rc)
- goto err_add;
+ if (rc) {
+ percpu_ref_kill(&cxlmd->ops_active);
+ put_device(dev);
+ return rc;
+ }
return devm_add_action_or_reset(dev->parent, cxlmdev_unregister, cxlmd);
-err_add:
- ida_free(&cxl_memdev_ida, cxlmd->id);
err_id:
- /*
- * Theoretically userspace could have already entered the fops,
- * so flush ops_active.
- */
percpu_ref_kill(&cxlmd->ops_active);
- wait_for_completion(&cxlmd->ops_dead);
percpu_ref_exit(&cxlmd->ops_active);
err_ref:
kfree(cxlmd);
Powered by blists - more mailing lists