diff mbox series

PM: domains: Ensure genpd_debugfs_dir exists before remove

Message ID 20220705094946.827697-1-hsinyi@chromium.org (mailing list archive)
State Superseded, archived
Headers show
Series PM: domains: Ensure genpd_debugfs_dir exists before remove | expand

Commit Message

Hsin-Yi Wang July 5, 2022, 9:49 a.m. UTC 
genpd_debug_remove() may be indirectly called from others while
genpd_debugfs_dir is not yet set. Make sure genpd_debugfs_dir exists
before remove the sub components, otherwise components under
/sys/kernel/debug may be accidentally removed.

Fixes: 718072ceb211 ("PM: domains: create debugfs nodes when adding power domains")
Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
---
An example:
scpsys_probe() in drivers/soc/mediatek/mtk-pm-domains.c indirectly calls
genpd_debug_remove() on probe fail, causing /sys/kernel/debug/usb to be
removed.
---
 drivers/base/power/domain.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Greg KH July 5, 2022, 10:38 a.m. UTC | #1 
On Tue, Jul 05, 2022 at 05:49:47PM +0800, Hsin-Yi Wang wrote:
> genpd_debug_remove() may be indirectly called from others while
> genpd_debugfs_dir is not yet set. Make sure genpd_debugfs_dir exists
> before remove the sub components, otherwise components under
> /sys/kernel/debug may be accidentally removed.
> 
> Fixes: 718072ceb211 ("PM: domains: create debugfs nodes when adding power domains")
> Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> ---
> An example:
> scpsys_probe() in drivers/soc/mediatek/mtk-pm-domains.c indirectly calls
> genpd_debug_remove() on probe fail, causing /sys/kernel/debug/usb to be
> removed.
> ---
>  drivers/base/power/domain.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> index 3e86772d5fac5..5a2e0232862e0 100644
> --- a/drivers/base/power/domain.c
> +++ b/drivers/base/power/domain.c
> @@ -222,6 +222,9 @@ static void genpd_debug_remove(struct generic_pm_domain *genpd)
>  {
>  	struct dentry *d;
>  
> +	if (!genpd_debugfs_dir)
> +		return;
> +
>  	d = debugfs_lookup(genpd->name, genpd_debugfs_dir);
>  	debugfs_remove(d);

Why not just change this to be:
	debugfs_remove(debugfs_lookup(genpd->name, debugfs_lookup("pm_genpd", NULL)));

thanks,

greg k-h
Hsin-Yi Wang July 5, 2022, 11:06 a.m. UTC | #2 
On Tue, Jul 5, 2022 at 6:38 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Tue, Jul 05, 2022 at 05:49:47PM +0800, Hsin-Yi Wang wrote:
> > genpd_debug_remove() may be indirectly called from others while
> > genpd_debugfs_dir is not yet set. Make sure genpd_debugfs_dir exists
> > before remove the sub components, otherwise components under
> > /sys/kernel/debug may be accidentally removed.
> >
> > Fixes: 718072ceb211 ("PM: domains: create debugfs nodes when adding power domains")
> > Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> > ---
> > An example:
> > scpsys_probe() in drivers/soc/mediatek/mtk-pm-domains.c indirectly calls
> > genpd_debug_remove() on probe fail, causing /sys/kernel/debug/usb to be
> > removed.
> > ---
> >  drivers/base/power/domain.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> > index 3e86772d5fac5..5a2e0232862e0 100644
> > --- a/drivers/base/power/domain.c
> > +++ b/drivers/base/power/domain.c
> > @@ -222,6 +222,9 @@ static void genpd_debug_remove(struct generic_pm_domain *genpd)
> >  {
> >       struct dentry *d;
> >
> > +     if (!genpd_debugfs_dir)
> > +             return;
> > +
> >       d = debugfs_lookup(genpd->name, genpd_debugfs_dir);
> >       debugfs_remove(d);
>
> Why not just change this to be:
>         debugfs_remove(debugfs_lookup(genpd->name, debugfs_lookup("pm_genpd", NULL)));
If pm_genpd hasn't been created yet,  debugfs_lookup("pm_genpd", NULL)
will return null.
If genpd->name also exists under root debugfs, it will still be
deleted unintentionally, since NULL represents root debugfs.
Eg. one of the genpd->name is "usb", which is supposed to be added as
/sys/kernel/debug/pm_genpd/usb later. But pm_genpd is not yet created,
/sys/kernel/debug/usb will be removed.

>
> thanks,
>
> greg k-h
Greg KH July 5, 2022, 11:51 a.m. UTC | #3 
On Tue, Jul 05, 2022 at 07:06:41PM +0800, Hsin-Yi Wang wrote:
> On Tue, Jul 5, 2022 at 6:38 PM Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > On Tue, Jul 05, 2022 at 05:49:47PM +0800, Hsin-Yi Wang wrote:
> > > genpd_debug_remove() may be indirectly called from others while
> > > genpd_debugfs_dir is not yet set. Make sure genpd_debugfs_dir exists
> > > before remove the sub components, otherwise components under
> > > /sys/kernel/debug may be accidentally removed.
> > >
> > > Fixes: 718072ceb211 ("PM: domains: create debugfs nodes when adding power domains")
> > > Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> > > ---
> > > An example:
> > > scpsys_probe() in drivers/soc/mediatek/mtk-pm-domains.c indirectly calls
> > > genpd_debug_remove() on probe fail, causing /sys/kernel/debug/usb to be
> > > removed.
> > > ---
> > >  drivers/base/power/domain.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > >
> > > diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> > > index 3e86772d5fac5..5a2e0232862e0 100644
> > > --- a/drivers/base/power/domain.c
> > > +++ b/drivers/base/power/domain.c
> > > @@ -222,6 +222,9 @@ static void genpd_debug_remove(struct generic_pm_domain *genpd)
> > >  {
> > >       struct dentry *d;
> > >
> > > +     if (!genpd_debugfs_dir)
> > > +             return;
> > > +
> > >       d = debugfs_lookup(genpd->name, genpd_debugfs_dir);
> > >       debugfs_remove(d);
> >
> > Why not just change this to be:
> >         debugfs_remove(debugfs_lookup(genpd->name, debugfs_lookup("pm_genpd", NULL)));
> If pm_genpd hasn't been created yet,  debugfs_lookup("pm_genpd", NULL)
> will return null.

And how is this codepath being called if pm_genpd is not created yet?
Surely you are not relying on the presence of a debugfs file to
determine that?

> If genpd->name also exists under root debugfs, it will still be
> deleted unintentionally, since NULL represents root debugfs.
> Eg. one of the genpd->name is "usb", which is supposed to be added as
> /sys/kernel/debug/pm_genpd/usb later. But pm_genpd is not yet created,
> /sys/kernel/debug/usb will be removed.

Ah, that's a bad name to pick :)

But still, don't paper over this problem, please solve the root issue of
never relying on the creation of a debugfs file to determine functional
logic.

thanks,

greg k-h
Hsin-Yi Wang July 5, 2022, 3:58 p.m. UTC | #4 
On Tue, Jul 5, 2022 at 7:51 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Tue, Jul 05, 2022 at 07:06:41PM +0800, Hsin-Yi Wang wrote:
> > On Tue, Jul 5, 2022 at 6:38 PM Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Tue, Jul 05, 2022 at 05:49:47PM +0800, Hsin-Yi Wang wrote:
> > > > genpd_debug_remove() may be indirectly called from others while
> > > > genpd_debugfs_dir is not yet set. Make sure genpd_debugfs_dir exists
> > > > before remove the sub components, otherwise components under
> > > > /sys/kernel/debug may be accidentally removed.
> > > >
> > > > Fixes: 718072ceb211 ("PM: domains: create debugfs nodes when adding power domains")
> > > > Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> > > > ---
> > > > An example:
> > > > scpsys_probe() in drivers/soc/mediatek/mtk-pm-domains.c indirectly calls
> > > > genpd_debug_remove() on probe fail, causing /sys/kernel/debug/usb to be
> > > > removed.
> > > > ---
> > > >  drivers/base/power/domain.c | 3 +++
> > > >  1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> > > > index 3e86772d5fac5..5a2e0232862e0 100644
> > > > --- a/drivers/base/power/domain.c
> > > > +++ b/drivers/base/power/domain.c
> > > > @@ -222,6 +222,9 @@ static void genpd_debug_remove(struct generic_pm_domain *genpd)
> > > >  {
> > > >       struct dentry *d;
> > > >
> > > > +     if (!genpd_debugfs_dir)
> > > > +             return;
> > > > +
> > > >       d = debugfs_lookup(genpd->name, genpd_debugfs_dir);
> > > >       debugfs_remove(d);
> > >
> > > Why not just change this to be:
> > >         debugfs_remove(debugfs_lookup(genpd->name, debugfs_lookup("pm_genpd", NULL)));
> > If pm_genpd hasn't been created yet,  debugfs_lookup("pm_genpd", NULL)
> > will return null.
>
> And how is this codepath being called if pm_genpd is not created yet?
> Surely you are not relying on the presence of a debugfs file to
> determine that?
>

Caller didn't directly call genpd_debug_remove(). The flow is as follows:

Normally, scpsys will create pm domain by:
scpsys_probe()
   --> scpsys_add_one_domain()
     --> pm_genpd_init()
       --> genpd_debug_add()


If something fails, it will do the cleanup:
scpsys_probe()
  --> scpsys_domain_cleanup()
     --> scpsys_remove_one_domain()
       --> pm_genpd_remove()
          --> genpd_remove()
            --> genpd_debug_remove()

genpd_debug_add() checks if genpd_debugfs_dir is init by a
late_initcall genpd_debug_init(). If it's NULL, it will return
directly without creating anything. Later when genpd_debug_init() is
called, it will call genpd_debug_add() again.

pm_genpd_remove() still needs to be called on the cleanup path to free
other stuff, but if genpd_debug_init() hasn't happened,
genpd_debug_remove() should be a no-op, or genpd_remove() shouldn't
call it. (We can move the check there, but adding in
genpd_debug_remove() is more similar to what genpd_debug_add()
currently is.)

> > If genpd->name also exists under root debugfs, it will still be
> > deleted unintentionally, since NULL represents root debugfs.
> > Eg. one of the genpd->name is "usb", which is supposed to be added as
> > /sys/kernel/debug/pm_genpd/usb later. But pm_genpd is not yet created,
> > /sys/kernel/debug/usb will be removed.
>
> Ah, that's a bad name to pick :)
>
> But still, don't paper over this problem, please solve the root issue of
> never relying on the creation of a debugfs file to determine functional
> logic.
>
Currently we can't remove genpd_debug_add() called in pm_genpd_init()
and genpd_debug_remove() called in genpd_remove(). If some power
domain is created after genpd_debug_init(), their genpd subdomain
won't be registered in debugfs. genpd_debug_remove() also has similar
issues, eg. failed domain not removed after genpd_debug_init() is called.

> thanks,
>
> greg k-h
Greg KH July 5, 2022, 4:26 p.m. UTC | #5 
On Tue, Jul 05, 2022 at 11:58:52PM +0800, Hsin-Yi Wang wrote:
> On Tue, Jul 5, 2022 at 7:51 PM Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > On Tue, Jul 05, 2022 at 07:06:41PM +0800, Hsin-Yi Wang wrote:
> > > On Tue, Jul 5, 2022 at 6:38 PM Greg Kroah-Hartman
> > > <gregkh@linuxfoundation.org> wrote:
> > > >
> > > > On Tue, Jul 05, 2022 at 05:49:47PM +0800, Hsin-Yi Wang wrote:
> > > > > genpd_debug_remove() may be indirectly called from others while
> > > > > genpd_debugfs_dir is not yet set. Make sure genpd_debugfs_dir exists
> > > > > before remove the sub components, otherwise components under
> > > > > /sys/kernel/debug may be accidentally removed.
> > > > >
> > > > > Fixes: 718072ceb211 ("PM: domains: create debugfs nodes when adding power domains")
> > > > > Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> > > > > ---
> > > > > An example:
> > > > > scpsys_probe() in drivers/soc/mediatek/mtk-pm-domains.c indirectly calls
> > > > > genpd_debug_remove() on probe fail, causing /sys/kernel/debug/usb to be
> > > > > removed.
> > > > > ---
> > > > >  drivers/base/power/domain.c | 3 +++
> > > > >  1 file changed, 3 insertions(+)
> > > > >
> > > > > diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> > > > > index 3e86772d5fac5..5a2e0232862e0 100644
> > > > > --- a/drivers/base/power/domain.c
> > > > > +++ b/drivers/base/power/domain.c
> > > > > @@ -222,6 +222,9 @@ static void genpd_debug_remove(struct generic_pm_domain *genpd)
> > > > >  {
> > > > >       struct dentry *d;
> > > > >
> > > > > +     if (!genpd_debugfs_dir)
> > > > > +             return;
> > > > > +
> > > > >       d = debugfs_lookup(genpd->name, genpd_debugfs_dir);
> > > > >       debugfs_remove(d);
> > > >
> > > > Why not just change this to be:
> > > >         debugfs_remove(debugfs_lookup(genpd->name, debugfs_lookup("pm_genpd", NULL)));
> > > If pm_genpd hasn't been created yet,  debugfs_lookup("pm_genpd", NULL)
> > > will return null.
> >
> > And how is this codepath being called if pm_genpd is not created yet?
> > Surely you are not relying on the presence of a debugfs file to
> > determine that?
> >
> 
> Caller didn't directly call genpd_debug_remove(). The flow is as follows:
> 
> Normally, scpsys will create pm domain by:
> scpsys_probe()
>    --> scpsys_add_one_domain()
>      --> pm_genpd_init()
>        --> genpd_debug_add()
> 
> 
> If something fails, it will do the cleanup:
> scpsys_probe()
>   --> scpsys_domain_cleanup()
>      --> scpsys_remove_one_domain()
>        --> pm_genpd_remove()
>           --> genpd_remove()
>             --> genpd_debug_remove()
> 
> genpd_debug_add() checks if genpd_debugfs_dir is init by a
> late_initcall genpd_debug_init(). If it's NULL, it will return
> directly without creating anything. Later when genpd_debug_init() is
> called, it will call genpd_debug_add() again.
> 
> pm_genpd_remove() still needs to be called on the cleanup path to free
> other stuff, but if genpd_debug_init() hasn't happened,
> genpd_debug_remove() should be a no-op, or genpd_remove() shouldn't
> call it. (We can move the check there, but adding in
> genpd_debug_remove() is more similar to what genpd_debug_add()
> currently is.)

Thanks for the details.  You might want to include this in the changelog
text.  I'm ok with the change now if that information is in there, I
missed that there are paths to create devices before debugfs is
initialized.

thanks,

greg k-h
Hsin-Yi Wang July 5, 2022, 5:27 p.m. UTC | #6 
On Wed, Jul 6, 2022 at 12:26 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Tue, Jul 05, 2022 at 11:58:52PM +0800, Hsin-Yi Wang wrote:
> > On Tue, Jul 5, 2022 at 7:51 PM Greg Kroah-Hartman
> > <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Tue, Jul 05, 2022 at 07:06:41PM +0800, Hsin-Yi Wang wrote:
> > > > On Tue, Jul 5, 2022 at 6:38 PM Greg Kroah-Hartman
> > > > <gregkh@linuxfoundation.org> wrote:
> > > > >
> > > > > On Tue, Jul 05, 2022 at 05:49:47PM +0800, Hsin-Yi Wang wrote:
> > > > > > genpd_debug_remove() may be indirectly called from others while
> > > > > > genpd_debugfs_dir is not yet set. Make sure genpd_debugfs_dir exists
> > > > > > before remove the sub components, otherwise components under
> > > > > > /sys/kernel/debug may be accidentally removed.
> > > > > >
> > > > > > Fixes: 718072ceb211 ("PM: domains: create debugfs nodes when adding power domains")
> > > > > > Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
> > > > > > ---
> > > > > > An example:
> > > > > > scpsys_probe() in drivers/soc/mediatek/mtk-pm-domains.c indirectly calls
> > > > > > genpd_debug_remove() on probe fail, causing /sys/kernel/debug/usb to be
> > > > > > removed.
> > > > > > ---
> > > > > >  drivers/base/power/domain.c | 3 +++
> > > > > >  1 file changed, 3 insertions(+)
> > > > > >
> > > > > > diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> > > > > > index 3e86772d5fac5..5a2e0232862e0 100644
> > > > > > --- a/drivers/base/power/domain.c
> > > > > > +++ b/drivers/base/power/domain.c
> > > > > > @@ -222,6 +222,9 @@ static void genpd_debug_remove(struct generic_pm_domain *genpd)
> > > > > >  {
> > > > > >       struct dentry *d;
> > > > > >
> > > > > > +     if (!genpd_debugfs_dir)
> > > > > > +             return;
> > > > > > +
> > > > > >       d = debugfs_lookup(genpd->name, genpd_debugfs_dir);
> > > > > >       debugfs_remove(d);
> > > > >
> > > > > Why not just change this to be:
> > > > >         debugfs_remove(debugfs_lookup(genpd->name, debugfs_lookup("pm_genpd", NULL)));
> > > > If pm_genpd hasn't been created yet,  debugfs_lookup("pm_genpd", NULL)
> > > > will return null.
> > >
> > > And how is this codepath being called if pm_genpd is not created yet?
> > > Surely you are not relying on the presence of a debugfs file to
> > > determine that?
> > >
> >
> > Caller didn't directly call genpd_debug_remove(). The flow is as follows:
> >
> > Normally, scpsys will create pm domain by:
> > scpsys_probe()
> >    --> scpsys_add_one_domain()
> >      --> pm_genpd_init()
> >        --> genpd_debug_add()
> >
> >
> > If something fails, it will do the cleanup:
> > scpsys_probe()
> >   --> scpsys_domain_cleanup()
> >      --> scpsys_remove_one_domain()
> >        --> pm_genpd_remove()
> >           --> genpd_remove()
> >             --> genpd_debug_remove()
> >
> > genpd_debug_add() checks if genpd_debugfs_dir is init by a
> > late_initcall genpd_debug_init(). If it's NULL, it will return
> > directly without creating anything. Later when genpd_debug_init() is
> > called, it will call genpd_debug_add() again.
> >
> > pm_genpd_remove() still needs to be called on the cleanup path to free
> > other stuff, but if genpd_debug_init() hasn't happened,
> > genpd_debug_remove() should be a no-op, or genpd_remove() shouldn't
> > call it. (We can move the check there, but adding in
> > genpd_debug_remove() is more similar to what genpd_debug_add()
> > currently is.)
>
> Thanks for the details.  You might want to include this in the changelog
> text.  I'm ok with the change now if that information is in there, I
> missed that there are paths to create devices before debugfs is
> initialized.
>
Done. Added in v2. Thanks for the review.

> thanks,
>
> greg k-h
diff mbox series

Patch

diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
index 3e86772d5fac5..5a2e0232862e0 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -222,6 +222,9 @@  static void genpd_debug_remove(struct generic_pm_domain *genpd)
 {
 	struct dentry *d;
 
+	if (!genpd_debugfs_dir)
+		return;
+
 	d = debugfs_lookup(genpd->name, genpd_debugfs_dir);
 	debugfs_remove(d);
 }