| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CY5PR11MB636673873E2E74F55D46937CED51A@CY5PR11MB6366.namprd11.prod.outlook.com> Date: Thu, 17 Jul 2025 11:54:18 +0000 From: "Usyskin, Alexander" <alexander.usyskin@...el.com> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> CC: "Abliyev, Reuven" <reuven.abliyev@...el.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: [char-misc-next v3 2/5] mei: make char device control its own lifetime > Subject: Re: [char-misc-next v3 2/5] mei: make char device control its own > lifetime > > On Wed, Jul 09, 2025 at 06:13:41PM +0300, Alexander Usyskin wrote: > > Allocate character device dynamically and allow to > > control its own lifetime as it may outlive mei_device > > structure while character device closes after parent > > device is removed from the system. > > > > Signed-off-by: Alexander Usyskin <alexander.usyskin@...el.com> > > --- > > drivers/misc/mei/main.c | 36 +++++++++++++++++++++++------------- > > drivers/misc/mei/mei_dev.h | 4 ++-- > > 2 files changed, 25 insertions(+), 15 deletions(-) > > > > diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c > > index 95d4c1d8e4e6..5335cf39d663 100644 > > --- a/drivers/misc/mei/main.c > > +++ b/drivers/misc/mei/main.c > > @@ -51,7 +51,9 @@ static int mei_open(struct inode *inode, struct file > *file) > > > > int err; > > > > - dev = container_of(inode->i_cdev, struct mei_device, cdev); > > + dev = idr_find(&mei_idr, iminor(inode)); > > What keeps the device structure in this idr after it has been removed > from the system before the char device is closed? Does the class device > lifespan outlive this? It seems like it really isn't saved anywhere, > but the release function accesses it, right? > > Or is that a _different_ device pointer? How many different > pointers/structures are associated with a struct mei_device now? > At this point in series mei_device still managed via parent device devm and this patch is not fixing that problem. This patch fixes the problem where cdev outlives mei_device: - We are calling put_device in mei_release that can free mei_device - cdev calls put_ref on itself after mei_release exits This is the reason we need cdev to manage it own lifetime. The last patch in the series moves cdev parent to be the class device and manages mei_device structure lifetime on class device. That make mei_device structure alive till the char device release last reference to the class device. Seems like that I should merge this patch with last in this series for clarity. Will send next revision with this merged so you can review whole thing together. - - Thanks, Sasha
Powered by blists - more mailing lists