[v8,02/13] squash! max9286: convert probe kzalloc

Message ID	20200409121202.11130-3-kieran.bingham+renesas@ideasonboard.com (mailing list archive)
State	Accepted
Delegated to:	Kieran Bingham
Headers	show Return-Path: <SRS0=YZYO=5Z=vger.kernel.org=linux-renesas-soc-owner@kernel.org> From: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> To: linux-renesas-soc@vger.kernel.org, Jacopo Mondi <jacopo@jmondi.org>, Laurent Pinchart <laurent.pinchart@ideasonboard.com>, =?utf-8?q?Niklas_S?= =?utf-8?q?=C3=B6derlund?= <niklas.soderlund@ragnatech.se>, Hyun Kwon <hyunk@xilinx.com>, Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Cc: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> Subject: [PATCH v8 02/13] squash! max9286: convert probe kzalloc Date: Thu, 9 Apr 2020 13:11:51 +0100 Message-Id: <20200409121202.11130-3-kieran.bingham+renesas@ideasonboard.com> In-Reply-To: <20200409121202.11130-1-kieran.bingham+renesas@ideasonboard.com> References: <20200409121202.11130-1-kieran.bingham+renesas@ideasonboard.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-renesas-soc-owner@vger.kernel.org Precedence: bulk
Series	max9286 v8 - modifications \| expand [v8,00/13] max9286 v8 - modifications [v8,01/13] squash! max9286: Update the bound_sources mask on unbind [v8,02/13] squash! max9286: convert probe kzalloc [v8,03/13] squash! max9286: Fix cleanup path from GPIO powerdown [v8,04/13] squash! max9286: cleanup GPIO device registration fail path [v8,05/13] squash! max9286: Convert to use devm_regulator_get() [v8,06/13] squash! max9286: Fit max9286_parse_dt print on one line [v8,07/13] squash! max9286: Move multi-device workarounds out of upstream [v8,08/13] squash! max9286: Remove I2C mod-table [v8,09/13] sqaush! max9286: Lock format changes [v8,10/13] squash! max9286: Implement Pixelrate control [v8,11/13] squash! max9286: Disable overlap window [v8,12/13] sqaush! max9286: Describe pad index usage [v8,13/13] sqaush! max9286: Remove poc_enabled workaround

Kieran Bingham April 9, 2020, 12:11 p.m. UTC

v8:
 - Convert probe kzalloc usage to devm_ variant
---
 drivers/media/i2c/max9286.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

Laurent Pinchart April 9, 2020, 4:33 p.m. UTC | #1

Hi Kieran,

Thank you for the patch.

On Thu, Apr 09, 2020 at 01:11:51PM +0100, Kieran Bingham wrote:
> v8:
>  - Convert probe kzalloc usage to devm_ variant

This isn't worse than the existing code, but are you aware that devm_*
should not be used in this case ? The memory should be allocated with
kzalloc() and freed in the .release() operation.

> ---
>  drivers/media/i2c/max9286.c | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/drivers/media/i2c/max9286.c b/drivers/media/i2c/max9286.c
> index b84d2daa6561..0a43137b8112 100644
> --- a/drivers/media/i2c/max9286.c
> +++ b/drivers/media/i2c/max9286.c
> @@ -1155,7 +1155,7 @@ static int max9286_probe(struct i2c_client *client)
>  	unsigned int i;
>  	int ret;
>  
> -	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> +	priv = devm_kzalloc(&client->dev, sizeof(*priv), GFP_KERNEL);
>  	if (!priv)
>  		return -ENOMEM;
>  
> @@ -1232,7 +1232,6 @@ static int max9286_probe(struct i2c_client *client)
>  	max9286_configure_i2c(priv, false);
>  err_free:
>  	max9286_cleanup_dt(priv);
> -	kfree(priv);
>  
>  	return ret;
>  }
> @@ -1253,8 +1252,6 @@ static int max9286_remove(struct i2c_client *client)
>  
>  	gpiod_set_value_cansleep(priv->gpiod_pwdn, 0);
>  
> -	kfree(priv);
> -
>  	return 0;
>  }
>

Kieran Bingham April 10, 2020, 8:20 a.m. UTC | #2

Hi Laurent,

(+Sakari)

On 09/04/2020 17:33, Laurent Pinchart wrote:
> Hi Kieran,
> 
> Thank you for the patch.
> 
> On Thu, Apr 09, 2020 at 01:11:51PM +0100, Kieran Bingham wrote:
>> v8:
>>  - Convert probe kzalloc usage to devm_ variant
> 
> This isn't worse than the existing code, but are you aware that devm_*
> should not be used in this case ? The memory should be allocated with
> kzalloc() and freed in the .release() operation.

This change was at the request of a review comment from Sakari.

From:
https://lore.kernel.org/linux-media/4139f241-2fde-26ad-fe55-dcaeb76ad6cc@ideasonboard.com/
> 
>>> +
>>> +static int max9286_probe(struct i2c_client *client)
>>> +{
>>> +	struct max9286_priv *priv;
>>> +	unsigned int i;
>>> +	int ret;
>>> +
>>> +	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
>>> +	if (!priv)
>>> +		return -ENOMEM;
>> 
>> You won't lose anything by using the devm_ variant here.
> 
> Indeed,
> 
>> 
>>> +
>>> +	priv->client = client;
>>> +	i2c_set_clientdata(client, priv);
>>> +
>>> +	for (i = 0; i < MAX9286_N_SINKS; i++)
>>> +		max9286_init_format(&priv->fmt[i]);
>>> +
>>> +	ret = max9286_parse_dt(priv);
>>> +	if (ret)
>>> +		return ret;
>> 
>> But you can avoid accidental memory leaks for nothing. :-)
> 
> It would be good not to leak indeed!


I understand that there are lifetime issues in V4L2 - but in my opinion
that needs to be handled by core V4l2 (and or support from driver core
framework).

Also - isn't it highly unlikely to affect the max9286? Isn't the
lifetime issue that the device can be unplugged while the file handle is
open?

I don't think anyone is going to 'unplug' the max9286 while it's active :-)



>> ---
>>  drivers/media/i2c/max9286.c | 5 +----
>>  1 file changed, 1 insertion(+), 4 deletions(-)
>>
>> diff --git a/drivers/media/i2c/max9286.c b/drivers/media/i2c/max9286.c
>> index b84d2daa6561..0a43137b8112 100644
>> --- a/drivers/media/i2c/max9286.c
>> +++ b/drivers/media/i2c/max9286.c
>> @@ -1155,7 +1155,7 @@ static int max9286_probe(struct i2c_client *client)
>>  	unsigned int i;
>>  	int ret;
>>  
>> -	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
>> +	priv = devm_kzalloc(&client->dev, sizeof(*priv), GFP_KERNEL);
>>  	if (!priv)
>>  		return -ENOMEM;
>>  
>> @@ -1232,7 +1232,6 @@ static int max9286_probe(struct i2c_client *client)
>>  	max9286_configure_i2c(priv, false);
>>  err_free:
>>  	max9286_cleanup_dt(priv);
>> -	kfree(priv);
>>  
>>  	return ret;
>>  }
>> @@ -1253,8 +1252,6 @@ static int max9286_remove(struct i2c_client *client)
>>  
>>  	gpiod_set_value_cansleep(priv->gpiod_pwdn, 0);
>>  
>> -	kfree(priv);
>> -
>>  	return 0;
>>  }
>>  
>

Laurent Pinchart April 10, 2020, 11:15 a.m. UTC | #3

Hi Kieran,

On Fri, Apr 10, 2020 at 09:20:25AM +0100, Kieran Bingham wrote:
> On 09/04/2020 17:33, Laurent Pinchart wrote:
> > On Thu, Apr 09, 2020 at 01:11:51PM +0100, Kieran Bingham wrote:
> >> v8:
> >>  - Convert probe kzalloc usage to devm_ variant
> > 
> > This isn't worse than the existing code, but are you aware that devm_*
> > should not be used in this case ? The memory should be allocated with
> > kzalloc() and freed in the .release() operation.
> 
> This change was at the request of a review comment from Sakari.
> 
> From:
> https://lore.kernel.org/linux-media/4139f241-2fde-26ad-fe55-dcaeb76ad6cc@ideasonboard.com/
>
> >>> +
> >>> +static int max9286_probe(struct i2c_client *client)
> >>> +{
> >>> +	struct max9286_priv *priv;
> >>> +	unsigned int i;
> >>> +	int ret;
> >>> +
> >>> +	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> >>> +	if (!priv)
> >>> +		return -ENOMEM;
> >> 
> >> You won't lose anything by using the devm_ variant here.
> > 
> > Indeed,
> > 
> >>> +
> >>> +	priv->client = client;
> >>> +	i2c_set_clientdata(client, priv);
> >>> +
> >>> +	for (i = 0; i < MAX9286_N_SINKS; i++)
> >>> +		max9286_init_format(&priv->fmt[i]);
> >>> +
> >>> +	ret = max9286_parse_dt(priv);
> >>> +	if (ret)
> >>> +		return ret;
> >> 
> >> But you can avoid accidental memory leaks for nothing. :-)
> > 
> > It would be good not to leak indeed!
> 
> I understand that there are lifetime issues in V4L2 - but in my opinion
> that needs to be handled by core V4l2 (and or support from driver core
> framework).

I'm afraid that's not possible. The V4L2 core can't delay remove().
There are helpers we could create to simplify correct memory management
for drivers, but in any case, devm_kzalloc() isn't correct.

There are also issues in the core that would make unbinding unsafe even
if correctly implemented in this driver, but a correct implementation in
drivers will be required in any case.

As I said before this patch isn't a regression as memory allocation is
already broken here, but it doesn't go in the right direction either.

> Also - isn't it highly unlikely to affect the max9286? Isn't the
> lifetime issue that the device can be unplugged while the file handle is
> open?
> 
> I don't think anyone is going to 'unplug' the max9286 while it's active :-)

No, but someone could unbind it through sysfs. In any case it's not an
excuse to not implement memory allocation correctly :-)

> >> ---
> >>  drivers/media/i2c/max9286.c | 5 +----
> >>  1 file changed, 1 insertion(+), 4 deletions(-)
> >>
> >> diff --git a/drivers/media/i2c/max9286.c b/drivers/media/i2c/max9286.c
> >> index b84d2daa6561..0a43137b8112 100644
> >> --- a/drivers/media/i2c/max9286.c
> >> +++ b/drivers/media/i2c/max9286.c
> >> @@ -1155,7 +1155,7 @@ static int max9286_probe(struct i2c_client *client)
> >>  	unsigned int i;
> >>  	int ret;
> >>  
> >> -	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> >> +	priv = devm_kzalloc(&client->dev, sizeof(*priv), GFP_KERNEL);
> >>  	if (!priv)
> >>  		return -ENOMEM;
> >>  
> >> @@ -1232,7 +1232,6 @@ static int max9286_probe(struct i2c_client *client)
> >>  	max9286_configure_i2c(priv, false);
> >>  err_free:
> >>  	max9286_cleanup_dt(priv);
> >> -	kfree(priv);
> >>  
> >>  	return ret;
> >>  }
> >> @@ -1253,8 +1252,6 @@ static int max9286_remove(struct i2c_client *client)
> >>  
> >>  	gpiod_set_value_cansleep(priv->gpiod_pwdn, 0);
> >>  
> >> -	kfree(priv);
> >> -
> >>  	return 0;
> >>  }
> >>

Sakari Ailus April 23, 2020, 7:38 a.m. UTC | #4

Hi Laurent, Kieran,

On Fri, Apr 10, 2020 at 02:15:19PM +0300, Laurent Pinchart wrote:
> Hi Kieran,
> 
> On Fri, Apr 10, 2020 at 09:20:25AM +0100, Kieran Bingham wrote:
> > On 09/04/2020 17:33, Laurent Pinchart wrote:
> > > On Thu, Apr 09, 2020 at 01:11:51PM +0100, Kieran Bingham wrote:
> > >> v8:
> > >>  - Convert probe kzalloc usage to devm_ variant
> > > 
> > > This isn't worse than the existing code, but are you aware that devm_*
> > > should not be used in this case ? The memory should be allocated with
> > > kzalloc() and freed in the .release() operation.
> > 
> > This change was at the request of a review comment from Sakari.
> > 
> > From:
> > https://lore.kernel.org/linux-media/4139f241-2fde-26ad-fe55-dcaeb76ad6cc@ideasonboard.com/
> >
> > >>> +
> > >>> +static int max9286_probe(struct i2c_client *client)
> > >>> +{
> > >>> +	struct max9286_priv *priv;
> > >>> +	unsigned int i;
> > >>> +	int ret;
> > >>> +
> > >>> +	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> > >>> +	if (!priv)
> > >>> +		return -ENOMEM;
> > >> 
> > >> You won't lose anything by using the devm_ variant here.
> > > 
> > > Indeed,
> > > 
> > >>> +
> > >>> +	priv->client = client;
> > >>> +	i2c_set_clientdata(client, priv);
> > >>> +
> > >>> +	for (i = 0; i < MAX9286_N_SINKS; i++)
> > >>> +		max9286_init_format(&priv->fmt[i]);
> > >>> +
> > >>> +	ret = max9286_parse_dt(priv);
> > >>> +	if (ret)
> > >>> +		return ret;
> > >> 
> > >> But you can avoid accidental memory leaks for nothing. :-)
> > > 
> > > It would be good not to leak indeed!
> > 
> > I understand that there are lifetime issues in V4L2 - but in my opinion
> > that needs to be handled by core V4l2 (and or support from driver core
> > framework).
> 
> I'm afraid that's not possible. The V4L2 core can't delay remove().
> There are helpers we could create to simplify correct memory management
> for drivers, but in any case, devm_kzalloc() isn't correct.
> 
> There are also issues in the core that would make unbinding unsafe even
> if correctly implemented in this driver, but a correct implementation in
> drivers will be required in any case.
> 
> As I said before this patch isn't a regression as memory allocation is
> already broken here, but it doesn't go in the right direction either.
> 
> > Also - isn't it highly unlikely to affect the max9286? Isn't the
> > lifetime issue that the device can be unplugged while the file handle is
> > open?
> > 
> > I don't think anyone is going to 'unplug' the max9286 while it's active :-)
> 
> No, but someone could unbind it through sysfs. In any case it's not an
> excuse to not implement memory allocation correctly :-)

Properly refcounting the objects and being unbind-safe would require
rewriting the memory allocation in drivers. This can't be done as the
framework is broken.

Whether you use devm_* variant here makes no difference from that point of
view. But it makes it easier to find out driver does not do its object
refcounting properly later on when (or if) the framework is fixed.

Laurent Pinchart April 23, 2020, 9:32 a.m. UTC | #5

Hi Sakari,

On Thu, Apr 23, 2020 at 10:38:41AM +0300, Sakari Ailus wrote:
> On Fri, Apr 10, 2020 at 02:15:19PM +0300, Laurent Pinchart wrote:
> > On Fri, Apr 10, 2020 at 09:20:25AM +0100, Kieran Bingham wrote:
> > > On 09/04/2020 17:33, Laurent Pinchart wrote:
> > > > On Thu, Apr 09, 2020 at 01:11:51PM +0100, Kieran Bingham wrote:
> > > >> v8:
> > > >>  - Convert probe kzalloc usage to devm_ variant
> > > > 
> > > > This isn't worse than the existing code, but are you aware that devm_*
> > > > should not be used in this case ? The memory should be allocated with
> > > > kzalloc() and freed in the .release() operation.
> > > 
> > > This change was at the request of a review comment from Sakari.
> > > 
> > > From:
> > > https://lore.kernel.org/linux-media/4139f241-2fde-26ad-fe55-dcaeb76ad6cc@ideasonboard.com/
> > >
> > > >>> +
> > > >>> +static int max9286_probe(struct i2c_client *client)
> > > >>> +{
> > > >>> +	struct max9286_priv *priv;
> > > >>> +	unsigned int i;
> > > >>> +	int ret;
> > > >>> +
> > > >>> +	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> > > >>> +	if (!priv)
> > > >>> +		return -ENOMEM;
> > > >> 
> > > >> You won't lose anything by using the devm_ variant here.
> > > > 
> > > > Indeed,
> > > > 
> > > >>> +
> > > >>> +	priv->client = client;
> > > >>> +	i2c_set_clientdata(client, priv);
> > > >>> +
> > > >>> +	for (i = 0; i < MAX9286_N_SINKS; i++)
> > > >>> +		max9286_init_format(&priv->fmt[i]);
> > > >>> +
> > > >>> +	ret = max9286_parse_dt(priv);
> > > >>> +	if (ret)
> > > >>> +		return ret;
> > > >> 
> > > >> But you can avoid accidental memory leaks for nothing. :-)
> > > > 
> > > > It would be good not to leak indeed!
> > > 
> > > I understand that there are lifetime issues in V4L2 - but in my opinion
> > > that needs to be handled by core V4l2 (and or support from driver core
> > > framework).
> > 
> > I'm afraid that's not possible. The V4L2 core can't delay remove().
> > There are helpers we could create to simplify correct memory management
> > for drivers, but in any case, devm_kzalloc() isn't correct.
> > 
> > There are also issues in the core that would make unbinding unsafe even
> > if correctly implemented in this driver, but a correct implementation in
> > drivers will be required in any case.
> > 
> > As I said before this patch isn't a regression as memory allocation is
> > already broken here, but it doesn't go in the right direction either.
> > 
> > > Also - isn't it highly unlikely to affect the max9286? Isn't the
> > > lifetime issue that the device can be unplugged while the file handle is
> > > open?
> > > 
> > > I don't think anyone is going to 'unplug' the max9286 while it's active :-)
> > 
> > No, but someone could unbind it through sysfs. In any case it's not an
> > excuse to not implement memory allocation correctly :-)
> 
> Properly refcounting the objects and being unbind-safe would require
> rewriting the memory allocation in drivers. This can't be done as the
> framework is broken.
> 
> Whether you use devm_* variant here makes no difference from that point of
> view. But it makes it easier to find out driver does not do its object
> refcounting properly later on when (or if) the framework is fixed.

It's an interesting point, "as it's broken, make it very visible" :-)
I'm fine with that.

Kieran Bingham April 23, 2020, 10:55 a.m. UTC | #6

Hi Sakari,

On 23/04/2020 08:38, Sakari Ailus wrote:
> Hi Laurent, Kieran,
> 
> On Fri, Apr 10, 2020 at 02:15:19PM +0300, Laurent Pinchart wrote:
>> Hi Kieran,
>>
>> On Fri, Apr 10, 2020 at 09:20:25AM +0100, Kieran Bingham wrote:
>>> On 09/04/2020 17:33, Laurent Pinchart wrote:
>>>> On Thu, Apr 09, 2020 at 01:11:51PM +0100, Kieran Bingham wrote:
>>>>> v8:
>>>>>  - Convert probe kzalloc usage to devm_ variant
>>>>
>>>> This isn't worse than the existing code, but are you aware that devm_*
>>>> should not be used in this case ? The memory should be allocated with
>>>> kzalloc() and freed in the .release() operation.
>>>
>>> This change was at the request of a review comment from Sakari.
>>>
>>> From:
>>> https://lore.kernel.org/linux-media/4139f241-2fde-26ad-fe55-dcaeb76ad6cc@ideasonboard.com/
>>>
>>>>>> +
>>>>>> +static int max9286_probe(struct i2c_client *client)
>>>>>> +{
>>>>>> +	struct max9286_priv *priv;
>>>>>> +	unsigned int i;
>>>>>> +	int ret;
>>>>>> +
>>>>>> +	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
>>>>>> +	if (!priv)
>>>>>> +		return -ENOMEM;
>>>>>
>>>>> You won't lose anything by using the devm_ variant here.
>>>>
>>>> Indeed,
>>>>
>>>>>> +
>>>>>> +	priv->client = client;
>>>>>> +	i2c_set_clientdata(client, priv);
>>>>>> +
>>>>>> +	for (i = 0; i < MAX9286_N_SINKS; i++)
>>>>>> +		max9286_init_format(&priv->fmt[i]);
>>>>>> +
>>>>>> +	ret = max9286_parse_dt(priv);
>>>>>> +	if (ret)
>>>>>> +		return ret;
>>>>>
>>>>> But you can avoid accidental memory leaks for nothing. :-)
>>>>
>>>> It would be good not to leak indeed!
>>>
>>> I understand that there are lifetime issues in V4L2 - but in my opinion
>>> that needs to be handled by core V4l2 (and or support from driver core
>>> framework).
>>
>> I'm afraid that's not possible. The V4L2 core can't delay remove().
>> There are helpers we could create to simplify correct memory management
>> for drivers, but in any case, devm_kzalloc() isn't correct.
>>
>> There are also issues in the core that would make unbinding unsafe even
>> if correctly implemented in this driver, but a correct implementation in
>> drivers will be required in any case.
>>
>> As I said before this patch isn't a regression as memory allocation is
>> already broken here, but it doesn't go in the right direction either.
>>
>>> Also - isn't it highly unlikely to affect the max9286? Isn't the
>>> lifetime issue that the device can be unplugged while the file handle is
>>> open?
>>>
>>> I don't think anyone is going to 'unplug' the max9286 while it's active :-)
>>
>> No, but someone could unbind it through sysfs. In any case it's not an
>> excuse to not implement memory allocation correctly :-)
> 
> Properly refcounting the objects and being unbind-safe would require
> rewriting the memory allocation in drivers. This can't be done as the
> framework is broken.


Which framework is broken?


> Whether you use devm_* variant here makes no difference from that point of
> view. But it makes it easier to find out driver does not do its object
> refcounting properly later on when (or if) the framework is fixed.

Is there anything *preventing* us from adding refcnting to the devm_
system so that we can take a reference on the struct device, thus
postponing all devm_ release actions while a file handle is open?

Then the reference handling can be done by V4l2 core - and we get a
whole bunch of drivers fixed ?

As it sounds like this is something which affects all subsystems which
are capable of exposing a device which gets opened (so presumably all
char/block devices?) this seems like it really needs to be fixed as low
as possible.

--
Kieran

Sakari Ailus April 23, 2020, 11:25 p.m. UTC | #7

Hi Kieran,

On Thu, Apr 23, 2020 at 11:55:47AM +0100, Kieran Bingham wrote:
> Hi Sakari,
> 
> On 23/04/2020 08:38, Sakari Ailus wrote:
> > Hi Laurent, Kieran,
> > 
> > On Fri, Apr 10, 2020 at 02:15:19PM +0300, Laurent Pinchart wrote:
> >> Hi Kieran,
> >>
> >> On Fri, Apr 10, 2020 at 09:20:25AM +0100, Kieran Bingham wrote:
> >>> On 09/04/2020 17:33, Laurent Pinchart wrote:
> >>>> On Thu, Apr 09, 2020 at 01:11:51PM +0100, Kieran Bingham wrote:
> >>>>> v8:
> >>>>>  - Convert probe kzalloc usage to devm_ variant
> >>>>
> >>>> This isn't worse than the existing code, but are you aware that devm_*
> >>>> should not be used in this case ? The memory should be allocated with
> >>>> kzalloc() and freed in the .release() operation.
> >>>
> >>> This change was at the request of a review comment from Sakari.
> >>>
> >>> From:
> >>> https://lore.kernel.org/linux-media/4139f241-2fde-26ad-fe55-dcaeb76ad6cc@ideasonboard.com/
> >>>
> >>>>>> +
> >>>>>> +static int max9286_probe(struct i2c_client *client)
> >>>>>> +{
> >>>>>> +	struct max9286_priv *priv;
> >>>>>> +	unsigned int i;
> >>>>>> +	int ret;
> >>>>>> +
> >>>>>> +	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
> >>>>>> +	if (!priv)
> >>>>>> +		return -ENOMEM;
> >>>>>
> >>>>> You won't lose anything by using the devm_ variant here.
> >>>>
> >>>> Indeed,
> >>>>
> >>>>>> +
> >>>>>> +	priv->client = client;
> >>>>>> +	i2c_set_clientdata(client, priv);
> >>>>>> +
> >>>>>> +	for (i = 0; i < MAX9286_N_SINKS; i++)
> >>>>>> +		max9286_init_format(&priv->fmt[i]);
> >>>>>> +
> >>>>>> +	ret = max9286_parse_dt(priv);
> >>>>>> +	if (ret)
> >>>>>> +		return ret;
> >>>>>
> >>>>> But you can avoid accidental memory leaks for nothing. :-)
> >>>>
> >>>> It would be good not to leak indeed!
> >>>
> >>> I understand that there are lifetime issues in V4L2 - but in my opinion
> >>> that needs to be handled by core V4l2 (and or support from driver core
> >>> framework).
> >>
> >> I'm afraid that's not possible. The V4L2 core can't delay remove().
> >> There are helpers we could create to simplify correct memory management
> >> for drivers, but in any case, devm_kzalloc() isn't correct.
> >>
> >> There are also issues in the core that would make unbinding unsafe even
> >> if correctly implemented in this driver, but a correct implementation in
> >> drivers will be required in any case.
> >>
> >> As I said before this patch isn't a regression as memory allocation is
> >> already broken here, but it doesn't go in the right direction either.
> >>
> >>> Also - isn't it highly unlikely to affect the max9286? Isn't the
> >>> lifetime issue that the device can be unplugged while the file handle is
> >>> open?
> >>>
> >>> I don't think anyone is going to 'unplug' the max9286 while it's active :-)
> >>
> >> No, but someone could unbind it through sysfs. In any case it's not an
> >> excuse to not implement memory allocation correctly :-)
> > 
> > Properly refcounting the objects and being unbind-safe would require
> > rewriting the memory allocation in drivers. This can't be done as the
> > framework is broken.
> 
> 
> Which framework is broken?

V4L2 and MC. There is nothing that prevents unbinding a driver, and thus
freeing the resources related to it --- while a device is in use. This can
be done with V4L2 video nodes but not with subdev nodes nor MC. The same
applies all the graph objects in the same scope.

The original assumption was more or less that it's all mounted on the same
PCB, so why would it go away? Well, it turns out this is not so easy to
change afterwards.

> 
> 
> > Whether you use devm_* variant here makes no difference from that point of
> > view. But it makes it easier to find out driver does not do its object
> > refcounting properly later on when (or if) the framework is fixed.
> 
> Is there anything *preventing* us from adding refcnting to the devm_
> system so that we can take a reference on the struct device, thus
> postponing all devm_ release actions while a file handle is open?

That doesn't help really, they'll be freed at driver remove time AFAIR as
well. The effect is no different than freeing them in the remove callback
yourself.

> 
> Then the reference handling can be done by V4l2 core - and we get a
> whole bunch of drivers fixed ?

To address this, you'd need to keep reference to the relevant objects, so
the memory is eventually released.

> 
> As it sounds like this is something which affects all subsystems which
> are capable of exposing a device which gets opened (so presumably all
> char/block devices?) this seems like it really needs to be fixed as low
> as possible.

I think it's really everything that exposes some sort of interface, whether
it's kernel or user. I haven't studied other parts of the kernel this in
mind, but my understanding is that this is generally working as it should.

We just happen to have complex dependencies between the devices and thus
also drivers so the problem area is wider than elsewhere. I wonder how ALSA
has addressed similar issues.

[v8,02/13] squash! max9286: convert probe kzalloc

Commit Message

Comments

Patch