lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b397b47e-f1fa-4589-9f07-d59ce743ec89@vivo.com>
Date: Mon, 2 Sep 2024 15:15:48 +0800
From: Yuesong Li <liyuesong@...o.com>
To: Krzysztof Kozlowski <krzk@...nel.org>, Jakub Kicinski <kuba@...nel.org>,
 Geert Uytterhoeven <geert@...ux-m68k.org>,
 "David S. Miller" <davem@...emloft.net>, Mark Brown <broonie@...nel.org>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Paolo Abeni <pabeni@...hat.com>
Cc: Daniel Mack <daniel@...que.org>, Haojian Zhuang
 <haojian.zhuang@...il.com>, Robert Jarzmik <robert.jarzmik@...e.fr>,
 linux-arm-kernel@...ts.infradead.org, linux-spi@...r.kernel.org,
 linux-kernel@...r.kernel.org, opensource.kernel@...o.com,
 Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
 Yang Ruibin <11162571@...o.com>
Subject: Re: [PATCH v2] drivers: spi: Insert the missing pci_dev_put()before
 return



On 2024/8/31 1:10, Krzysztof Kozlowski wrote:
> On 30/08/2024 10:55, Geert Uytterhoeven wrote:
>> Hi Yang,
>>
>> On Thu, Aug 29, 2024 at 5:35 AM Yang Ruibin <11162571@...o.com> wrote:
>>> Increase the reference count by calling pci_get_slot(), and remember to
>>> decrement the reference count by calling pci_dev_put().
>>>
>>> Signed-off-by: Yang Ruibin <11162571@...o.com>
>>
>> Thanks for your patch, which is now commit 8a0ec8c2d736961f ("spi:
>> Insert the missing pci_dev_put()before return") in spi/for-next.
>>
>>> --- a/drivers/spi/spi-pxa2xx-pci.c
>>> +++ b/drivers/spi/spi-pxa2xx-pci.c
>>> @@ -146,8 +146,10 @@ static int lpss_spi_setup(struct pci_dev *dev, struct pxa2xx_spi_controller *c)
>>>          c->num_chipselect = 1;
>>>
>>>          ret = pxa2xx_spi_pci_clk_register(dev, ssp, 50000000);
>>> -       if (ret)
>>> +       if (ret) {
>>> +               pci_dev_put(dma_dev);
>>
>> dma_dev is still uninitialized at this point.
>>
>>>                  return ret;
>>> +       }
>>>
>>>          dma_dev = pci_get_slot(dev->bus, PCI_DEVFN(PCI_SLOT(dev->devfn), 0));
>>
>> dma_dev is initialized only here...
>>
>>>          ret = devm_add_action_or_reset(&dev->dev, lpss_dma_put_device, dma_dev);
>>
>> ... and freed automatically by lpss_dma_put_device() in case of
>> any later failures since commit 609d7ffdc42199a0 ("spi: pxa2xx-pci:
>> Balance reference count for PCI DMA device") in v5.18.
>>
>>> @@ -222,8 +224,10 @@ static int mrfld_spi_setup(struct pci_dev *dev, struct pxa2xx_spi_controller *c)
>>>          }
>>>
>>>          ret = pxa2xx_spi_pci_clk_register(dev, ssp, 25000000);
>>> -       if (ret)
>>> +       if (ret) {
>>> +               pci_dev_put(dma_dev);
>>>                  return ret;
>>> +       }
>>>
>>>          dma_dev = pci_get_slot(dev->bus, PCI_DEVFN(21, 0));
>>>          ret = devm_add_action_or_reset(&dev->dev, lpss_dma_put_device, dma_dev);
>>
>> Likewise.
>>
>> Hence this patch is not needed, and introduced two bugs.
> 
> Cc Greg, Jakub, David and Paolo,
> 
> It seems Vivo (at least two persons from vivo.com) is sending patches
> generated through some sort of automation without really knowing what
> they were doing. All of the patches look like innocent
> cleanups/simplifications/fixes, but they do more.
> 
> This patch here looks like introducing two bugs.
> 
> These patches:
> 1. https://lore.kernel.org/all/20240830033251.232992-1-yujiaoliang@vivo.com/
> 
> 2. https://lore.kernel.org/all/20240828122650.1324246-1-11162571@vivo.com/
> (I sent a revert for this)
> 
> 3. https://lore.kernel.org/all/20240829072016.2329466-1-11162571@vivo.com/
> 
> and probably more...
> 
> introduce dev_err_probe() outside of probe path which is not desired,
> because it marks a probed (working) device as deferred.
> 
> The patches look trivial and/or helpful, so people tend to accept them
> through default trust.
> 
> I kindly suggest reverse - do not trust them by default and instead do a
> thorough review before accepting any cleanup/trivial patch from @vivo.com.
> 
> Best regards,
> Krzysztof
> 
> 

Dear Geert, Krzysztof, and the Linux Kernel Community,

I hope this message finds you well. My name is Yuesong Li, and I am 
writing on behalf of VIVO to sincerely apologize for the recent issues 
caused by the patches submitted by our team members. We deeply regret 
the problems that these submissions have introduced and the concerns 
they have raised within the community.

We recognize that the patches submitted were not up to the standards 
expected by the Linux kernel community. It is clear that our team 
members did not fully understand the implications of their 
contributions, leading to errors and the need for reverts. This is 
entirely our responsibility, and we are committed to ensuring that this 
does not happen again.

To address these issues, VIVO is taking the following steps:

1.Training for employees: We are implementing a comprehensive training 
program for all employees who contribute to open source projects. This 
training will focus on understanding the intricacies of the Linux 
kernel, best practices for code submissions, and the importance of 
thorough testing and review before submitting patches.

2.Enhanced Internal Review Process: Moving forward, we will enforce a 
more rigorous internal review process for all patches before they are 
submitted to the community. This will involve senior developers with 
experience in the open source community who will guide and review the 
work of less experienced contributors.

We value the open-source community and the collaborative spirit that 
drives it. VIVO is committed to contributing positively and responsibly 
moving forward. We kindly ask for your forgiveness for the mistakes 
we've made and your understanding as we take concrete steps to improve.

Thank you for your continued dedication to the Linux kernel, and please 
feel free to reach out if there are any further concerns or if you have 
suggestions on how we can better align with the community's expectations.

Best Regards,
Yuesong Li
VIVO

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ