> -----Original Message-----
> From: Jakub Kicinski <[email protected]>
> Sent: Saturday, May 2, 2026 7:27 PM
> To: Nitka, Grzegorz <[email protected]>
> Cc: [email protected]; [email protected]; intel-wired-
> [email protected]; Oros, Petr <[email protected]>;
> [email protected]; [email protected]; Kitszel, Przemyslaw
> <[email protected]>; Nguyen, Anthony L
> <[email protected]>; [email protected]; Vecera,
> Ivan <[email protected]>; [email protected]; Kubalewski, Arkadiusz
> <[email protected]>; [email protected];
> [email protected]; [email protected]; [email protected];
> [email protected]; [email protected]; Jiri Pirko <[email protected]>;
> Loktionov, Aleksandr <[email protected]>
> Subject: Re: [PATCH v7 net-next 2/8] dpll: allow registering FW-identified pin
> with a different DPLL
>
> On Thu, 30 Apr 2026 11:42:32 +0200 Grzegorz Nitka wrote:
> > Relax the (module, clock_id) equality requirement when registering a
> > pin identified by firmware (pin->fwnode). Some platforms associate a
> > FW-described pin with a DPLL instance that differs from the pin's
> > (module, clock_id) tuple. For such pins, permit registration without
> > requiring the strict match. Non-FW pins still require equality.
>
> AI asks what prevents the modules from disappearing:
>
> Does this relaxed check expose pin->module to a use-after-free during
> netlink queries?
> If module A registers a firmware-described pin allocated by module B,
> they will have different module pointers.
> Because fwnode_dpll_pin_find() increases the pin's refcount but does
> not take a reference to module B via try_module_get(), it appears module B
> could be unloaded while module A still holds an active reference to the pin.
> When module B unloads, its struct module memory is freed, leaving
> pin->module as a dangling pointer.
> A subsequent user-space Netlink query using DPLL_CMD_PIN_GET iterates
> over
> the registered pins and calls nla_put_string() with module_name(pin-
> >module),
> which would dereference the freed module memory.
This AI review comment is a valid concern.
I'm going, of course, to address it in the next iteration.
Thanks
Grzegorz
