| Message ID | 7-v1-7dedf20b2b75+4f785-vfio2_jgg@nvidia.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Make vfio_mdev type safe | expand |
On Tue, Mar 23, 2021 at 02:55:24PM -0300, Jason Gunthorpe wrote: > struct mdev_type holds a pointer to the kref'd object struct mdev_parent, > but doesn't hold the kref. The lifetime of the parent becomes implicit > because parent_remove_sysfs_files() is supposed to remove all the access > before the parent can be freed, but this is very hard to reason about. > > Make it obviously correct by adding the missing get. Looks good: Reviewed-by: Christoph Hellwig <hch@lst.de>
> From: Jason Gunthorpe <jgg@nvidia.com> > Sent: Wednesday, March 24, 2021 1:55 AM > > struct mdev_type holds a pointer to the kref'd object struct mdev_parent, > but doesn't hold the kref. The lifetime of the parent becomes implicit > because parent_remove_sysfs_files() is supposed to remove all the access > before the parent can be freed, but this is very hard to reason about. > > Make it obviously correct by adding the missing get. > > Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> > --- > drivers/vfio/mdev/mdev_sysfs.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/vfio/mdev/mdev_sysfs.c > b/drivers/vfio/mdev/mdev_sysfs.c > index 5219cdd6dbbc49..d43775bd0ba340 100644 > --- a/drivers/vfio/mdev/mdev_sysfs.c > +++ b/drivers/vfio/mdev/mdev_sysfs.c > @@ -81,6 +81,8 @@ static void mdev_type_release(struct kobject *kobj) > struct mdev_type *type = to_mdev_type(kobj); > > pr_debug("Releasing group %s\n", kobj->name); > + /* Pairs with the get in add_mdev_supported_type() */ > + mdev_put_parent(type->parent); > kfree(type); > } > > @@ -106,6 +108,8 @@ static struct mdev_type > *add_mdev_supported_type(struct mdev_parent *parent, > > type->kobj.kset = parent->mdev_types_kset; > type->parent = parent; > + /* Pairs with the put in mdev_type_release() */ > + mdev_get_parent(parent); > > ret = kobject_init_and_add(&type->kobj, &mdev_type_ktype, NULL, > "%s-%s", dev_driver_string(parent->dev), > -- > 2.31.0
On Tue, 23 Mar 2021 14:55:24 -0300 Jason Gunthorpe <jgg@nvidia.com> wrote: > struct mdev_type holds a pointer to the kref'd object struct mdev_parent, > but doesn't hold the kref. The lifetime of the parent becomes implicit > because parent_remove_sysfs_files() is supposed to remove all the access > before the parent can be freed, but this is very hard to reason about. > > Make it obviously correct by adding the missing get. > > Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> > --- > drivers/vfio/mdev/mdev_sysfs.c | 4 ++++ > 1 file changed, 4 insertions(+) Reviewed-by: Cornelia Huck <cohuck@redhat.com>
diff --git a/drivers/vfio/mdev/mdev_sysfs.c b/drivers/vfio/mdev/mdev_sysfs.c index 5219cdd6dbbc49..d43775bd0ba340 100644 --- a/drivers/vfio/mdev/mdev_sysfs.c +++ b/drivers/vfio/mdev/mdev_sysfs.c @@ -81,6 +81,8 @@ static void mdev_type_release(struct kobject *kobj) struct mdev_type *type = to_mdev_type(kobj); pr_debug("Releasing group %s\n", kobj->name); + /* Pairs with the get in add_mdev_supported_type() */ + mdev_put_parent(type->parent); kfree(type); } @@ -106,6 +108,8 @@ static struct mdev_type *add_mdev_supported_type(struct mdev_parent *parent, type->kobj.kset = parent->mdev_types_kset; type->parent = parent; + /* Pairs with the put in mdev_type_release() */ + mdev_get_parent(parent); ret = kobject_init_and_add(&type->kobj, &mdev_type_ktype, NULL, "%s-%s", dev_driver_string(parent->dev),
struct mdev_type holds a pointer to the kref'd object struct mdev_parent, but doesn't hold the kref. The lifetime of the parent becomes implicit because parent_remove_sysfs_files() is supposed to remove all the access before the parent can be freed, but this is very hard to reason about. Make it obviously correct by adding the missing get. Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> --- drivers/vfio/mdev/mdev_sysfs.c | 4 ++++ 1 file changed, 4 insertions(+)