Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread Johan Hovold 
On Tue, Nov 01, 2016 at 12:48:48PM -0400, David Miller wrote:
> From: Johan Hovold 
> Date: Tue, 1 Nov 2016 17:42:25 +0100
> 
> > On Tue, Nov 01, 2016 at 12:27:11PM -0400, David Miller wrote:
> >> From: Johan Hovold 
> >> Date: Tue,  1 Nov 2016 12:03:35 +0100
> >> 
> >> > diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
> >> > b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> >> > index 054a8dd23dae..589beb843f56 100644
> >> > --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
> >> > +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> >> > @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, 
> >> > phy_interface_t phy_mode, int slave)
> >> >  }
> >> >  
> >> >  dev = bus_find_device(_bus_type, NULL, node, match);
> >> > +of_node_put(node);
> >> >  priv = dev_get_drvdata(dev);
> >> >  
> >> > +put_device(dev);
> >> > +
> >> >  priv->cpsw_phy_sel(priv, phy_mode, slave);
> >> >  }
> >> >  EXPORT_SYMBOL_GPL(cpsw_phy_sel);
> >> 
> >> The only reference you have to 'dev' is the one obtained from the
> >> bus_find_device() call, therefore you must at least hold onto
> >> 'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.
> > 
> > As I mentioned in the commit message "...there is no guarantee that the
> > devres-managed struct cpsw_phy_sel_priv will continue to be valid until
> > this function returns regardless of this change".
> > 
> > Specifically, holding a reference to dev does not prevent the
> > cpsw_phy_sel driver from being unbound and priv from being freed.
> 
> But you should at least hold onto the object while you call a function
> pointer embedded in a data structure referred by it.

But there is no such reference to be held (currently). While priv is
valid (i.e. dev has a driver bound), driver core will hold a reference
to dev. If someone unbinds the driver, priv will be gone long before dev
and all bets are off anyway.

So I released the reference to dev before dereferencing priv on purpose
to avoid having someone make false assumptions about the lifetime of priv.

Johan

Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread Johan Hovold 
On Tue, Nov 01, 2016 at 12:48:48PM -0400, David Miller wrote:
> From: Johan Hovold 
> Date: Tue, 1 Nov 2016 17:42:25 +0100
> 
> > On Tue, Nov 01, 2016 at 12:27:11PM -0400, David Miller wrote:
> >> From: Johan Hovold 
> >> Date: Tue,  1 Nov 2016 12:03:35 +0100
> >> 
> >> > diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
> >> > b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> >> > index 054a8dd23dae..589beb843f56 100644
> >> > --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
> >> > +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> >> > @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, 
> >> > phy_interface_t phy_mode, int slave)
> >> >  }
> >> >  
> >> >  dev = bus_find_device(_bus_type, NULL, node, match);
> >> > +of_node_put(node);
> >> >  priv = dev_get_drvdata(dev);
> >> >  
> >> > +put_device(dev);
> >> > +
> >> >  priv->cpsw_phy_sel(priv, phy_mode, slave);
> >> >  }
> >> >  EXPORT_SYMBOL_GPL(cpsw_phy_sel);
> >> 
> >> The only reference you have to 'dev' is the one obtained from the
> >> bus_find_device() call, therefore you must at least hold onto
> >> 'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.
> > 
> > As I mentioned in the commit message "...there is no guarantee that the
> > devres-managed struct cpsw_phy_sel_priv will continue to be valid until
> > this function returns regardless of this change".
> > 
> > Specifically, holding a reference to dev does not prevent the
> > cpsw_phy_sel driver from being unbound and priv from being freed.
> 
> But you should at least hold onto the object while you call a function
> pointer embedded in a data structure referred by it.

But there is no such reference to be held (currently). While priv is
valid (i.e. dev has a driver bound), driver core will hold a reference
to dev. If someone unbinds the driver, priv will be gone long before dev
and all bets are off anyway.

So I released the reference to dev before dereferencing priv on purpose
to avoid having someone make false assumptions about the lifetime of priv.

Johan

Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread David Miller 
From: Johan Hovold 
Date: Tue, 1 Nov 2016 17:42:25 +0100

> On Tue, Nov 01, 2016 at 12:27:11PM -0400, David Miller wrote:
>> From: Johan Hovold 
>> Date: Tue,  1 Nov 2016 12:03:35 +0100
>> 
>> > diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
>> > b/drivers/net/ethernet/ti/cpsw-phy-sel.c
>> > index 054a8dd23dae..589beb843f56 100644
>> > --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
>> > +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
>> > @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
>> > phy_mode, int slave)
>> >}
>> >  
>> >dev = bus_find_device(_bus_type, NULL, node, match);
>> > +  of_node_put(node);
>> >priv = dev_get_drvdata(dev);
>> >  
>> > +  put_device(dev);
>> > +
>> >priv->cpsw_phy_sel(priv, phy_mode, slave);
>> >  }
>> >  EXPORT_SYMBOL_GPL(cpsw_phy_sel);
>> 
>> The only reference you have to 'dev' is the one obtained from the
>> bus_find_device() call, therefore you must at least hold onto
>> 'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.
> 
> As I mentioned in the commit message "...there is no guarantee that the
> devres-managed struct cpsw_phy_sel_priv will continue to be valid until
> this function returns regardless of this change".
> 
> Specifically, holding a reference to dev does not prevent the
> cpsw_phy_sel driver from being unbound and priv from being freed.

But you should at least hold onto the object while you call a function
pointer embedded in a data structure referred by it.

Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread David Miller 
From: Johan Hovold 
Date: Tue, 1 Nov 2016 17:42:25 +0100

> On Tue, Nov 01, 2016 at 12:27:11PM -0400, David Miller wrote:
>> From: Johan Hovold 
>> Date: Tue,  1 Nov 2016 12:03:35 +0100
>> 
>> > diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
>> > b/drivers/net/ethernet/ti/cpsw-phy-sel.c
>> > index 054a8dd23dae..589beb843f56 100644
>> > --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
>> > +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
>> > @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
>> > phy_mode, int slave)
>> >}
>> >  
>> >dev = bus_find_device(_bus_type, NULL, node, match);
>> > +  of_node_put(node);
>> >priv = dev_get_drvdata(dev);
>> >  
>> > +  put_device(dev);
>> > +
>> >priv->cpsw_phy_sel(priv, phy_mode, slave);
>> >  }
>> >  EXPORT_SYMBOL_GPL(cpsw_phy_sel);
>> 
>> The only reference you have to 'dev' is the one obtained from the
>> bus_find_device() call, therefore you must at least hold onto
>> 'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.
> 
> As I mentioned in the commit message "...there is no guarantee that the
> devres-managed struct cpsw_phy_sel_priv will continue to be valid until
> this function returns regardless of this change".
> 
> Specifically, holding a reference to dev does not prevent the
> cpsw_phy_sel driver from being unbound and priv from being freed.

But you should at least hold onto the object while you call a function
pointer embedded in a data structure referred by it.

Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread Johan Hovold 
On Tue, Nov 01, 2016 at 12:27:11PM -0400, David Miller wrote:
> From: Johan Hovold 
> Date: Tue,  1 Nov 2016 12:03:35 +0100
> 
> > diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
> > b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> > index 054a8dd23dae..589beb843f56 100644
> > --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
> > +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> > @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
> > phy_mode, int slave)
> > }
> >  
> > dev = bus_find_device(_bus_type, NULL, node, match);
> > +   of_node_put(node);
> > priv = dev_get_drvdata(dev);
> >  
> > +   put_device(dev);
> > +
> > priv->cpsw_phy_sel(priv, phy_mode, slave);
> >  }
> >  EXPORT_SYMBOL_GPL(cpsw_phy_sel);
> 
> The only reference you have to 'dev' is the one obtained from the
> bus_find_device() call, therefore you must at least hold onto
> 'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.

As I mentioned in the commit message "...there is no guarantee that the
devres-managed struct cpsw_phy_sel_priv will continue to be valid until
this function returns regardless of this change".

Specifically, holding a reference to dev does not prevent the
cpsw_phy_sel driver from being unbound and priv from being freed.

Thanks,
Johan

Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread Johan Hovold 
On Tue, Nov 01, 2016 at 12:27:11PM -0400, David Miller wrote:
> From: Johan Hovold 
> Date: Tue,  1 Nov 2016 12:03:35 +0100
> 
> > diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
> > b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> > index 054a8dd23dae..589beb843f56 100644
> > --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
> > +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> > @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
> > phy_mode, int slave)
> > }
> >  
> > dev = bus_find_device(_bus_type, NULL, node, match);
> > +   of_node_put(node);
> > priv = dev_get_drvdata(dev);
> >  
> > +   put_device(dev);
> > +
> > priv->cpsw_phy_sel(priv, phy_mode, slave);
> >  }
> >  EXPORT_SYMBOL_GPL(cpsw_phy_sel);
> 
> The only reference you have to 'dev' is the one obtained from the
> bus_find_device() call, therefore you must at least hold onto
> 'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.

As I mentioned in the commit message "...there is no guarantee that the
devres-managed struct cpsw_phy_sel_priv will continue to be valid until
this function returns regardless of this change".

Specifically, holding a reference to dev does not prevent the
cpsw_phy_sel driver from being unbound and priv from being freed.

Thanks,
Johan

Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread David Miller 
From: Johan Hovold 
Date: Tue,  1 Nov 2016 12:03:35 +0100

> diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
> b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> index 054a8dd23dae..589beb843f56 100644
> --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
> +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
> phy_mode, int slave)
>   }
>  
>   dev = bus_find_device(_bus_type, NULL, node, match);
> + of_node_put(node);
>   priv = dev_get_drvdata(dev);
>  
> + put_device(dev);
> +
>   priv->cpsw_phy_sel(priv, phy_mode, slave);
>  }
>  EXPORT_SYMBOL_GPL(cpsw_phy_sel);

The only reference you have to 'dev' is the one obtained from the
bus_find_device() call, therefore you must at least hold onto
'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.

Re: [PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread David Miller 
From: Johan Hovold 
Date: Tue,  1 Nov 2016 12:03:35 +0100

> diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
> b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> index 054a8dd23dae..589beb843f56 100644
> --- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
> +++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
> @@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
> phy_mode, int slave)
>   }
>  
>   dev = bus_find_device(_bus_type, NULL, node, match);
> + of_node_put(node);
>   priv = dev_get_drvdata(dev);
>  
> + put_device(dev);
> +
>   priv->cpsw_phy_sel(priv, phy_mode, slave);
>  }
>  EXPORT_SYMBOL_GPL(cpsw_phy_sel);

The only reference you have to 'dev' is the one obtained from the
bus_find_device() call, therefore you must at least hold onto
'dev' until after the priv->cpsw_phy_sel(priv, phy_mode, slave); call.

[PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread Johan Hovold 
Make sure to drop the references taken by of_get_child_by_name() and
bus_find_device() before returning from cpsw_phy_sel().

Note that there is no guarantee that the devres-managed struct
cpsw_phy_sel_priv will continue to be valid until this function returns
regardless of this change.

Fixes: 5892cd135e16 ("drivers: net: cpsw-phy-sel: Add new driver...")
Signed-off-by: Johan Hovold 
---
 drivers/net/ethernet/ti/cpsw-phy-sel.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
b/drivers/net/ethernet/ti/cpsw-phy-sel.c
index 054a8dd23dae..589beb843f56 100644
--- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
+++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
@@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
phy_mode, int slave)
}
 
dev = bus_find_device(_bus_type, NULL, node, match);
+   of_node_put(node);
priv = dev_get_drvdata(dev);
 
+   put_device(dev);
+
priv->cpsw_phy_sel(priv, phy_mode, slave);
 }
 EXPORT_SYMBOL_GPL(cpsw_phy_sel);
-- 
2.7.3

[PATCH net 2/4] net: ethernet: ti: cpsw: fix device and of_node leaks

2016-11-01 Thread Johan Hovold 
Make sure to drop the references taken by of_get_child_by_name() and
bus_find_device() before returning from cpsw_phy_sel().

Note that there is no guarantee that the devres-managed struct
cpsw_phy_sel_priv will continue to be valid until this function returns
regardless of this change.

Fixes: 5892cd135e16 ("drivers: net: cpsw-phy-sel: Add new driver...")
Signed-off-by: Johan Hovold 
---
 drivers/net/ethernet/ti/cpsw-phy-sel.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/ti/cpsw-phy-sel.c 
b/drivers/net/ethernet/ti/cpsw-phy-sel.c
index 054a8dd23dae..589beb843f56 100644
--- a/drivers/net/ethernet/ti/cpsw-phy-sel.c
+++ b/drivers/net/ethernet/ti/cpsw-phy-sel.c
@@ -176,8 +176,11 @@ void cpsw_phy_sel(struct device *dev, phy_interface_t 
phy_mode, int slave)
}
 
dev = bus_find_device(_bus_type, NULL, node, match);
+   of_node_put(node);
priv = dev_get_drvdata(dev);
 
+   put_device(dev);
+
priv->cpsw_phy_sel(priv, phy_mode, slave);
 }
 EXPORT_SYMBOL_GPL(cpsw_phy_sel);
-- 
2.7.3