[net-next] net: mdio: get/put device node during (un)registration

Message ID 20231220045228.27079-2-luizluca@gmail.com (mailing list archive)
State Accepted
Commit cff9c565e65f3622e8dc1dcc21c1520a083dff35
Delegated to: Netdev Maintainers
Series [net-next] net: mdio: get/put device node during (un)registration

Checks

Context                         Check    Description
netdev/series_format            success  Single patches do not need cover letters
netdev/tree_selection           success  Clearly marked for net-next
netdev/ynl                      success  Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present            success  Fixes tag not required for -next series
netdev/header_inline            success  No static functions without inline keyword in header files
netdev/build_32bit              success  Errors and warnings before: 1564 this patch: 1564
netdev/cc_maintainers           success  CCed 7 of 7 maintainers
netdev/build_clang              fail     Errors and warnings before: 25 this patch: 25
netdev/verify_signedoff         success  Signed-off-by tag matches author and committer
netdev/deprecated_api           success  None detected
netdev/check_selftest           success  No net selftest shell script
netdev/verify_fixes             success  No Fixes tag
netdev/build_allmodconfig_warn  success  Errors and warnings before: 1600 this patch: 1600
netdev/checkpatch               success  total: 0 errors, 0 warnings, 0 checks, 54 lines checked
netdev/build_clang_rust         success  No Rust files in patch. Skipping build
netdev/kdoc                     success  Errors and warnings before: 0 this patch: 0
netdev/source_inline            success  Was 0 now: 0

Commit Message

Luiz Angelo Daros de Luca Dec. 20, 2023, 4:52 a.m. UTC
The __of_mdiobus_register() function was storing the device node in
dev.of_node without increasing its reference count. It implicitly relied
on the caller to maintain the allocated node until the mdiobus was
unregistered.

Now, __of_mdiobus_register() will acquire the node before assigning it,
and of_mdiobus_unregister_callback() will be called at the end of
mdio_unregister().

Drivers can now release the node immediately after MDIO registration.
Some of them are already doing that even before this patch.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
---
 drivers/net/mdio/of_mdio.c | 12 +++++++++++-
 drivers/net/phy/mdio_bus.c |  3 +++
 include/linux/phy.h        |  3 +++
 3 files changed, 17 insertions(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org Jan. 1, 2024, 1:10 p.m. UTC | #1
Hello:

This patch was applied to netdev/net-next.git (main)
by David S. Miller <davem@davemloft.net>:

On Wed, 20 Dec 2023 01:52:29 -0300 you wrote:
> The __of_mdiobus_register() function was storing the device node in
> dev.of_node without increasing its reference count. It implicitly relied
> on the caller to maintain the allocated node until the mdiobus was
> unregistered.
> 
> Now, __of_mdiobus_register() will acquire the node before assigning it,
> and of_mdiobus_unregister_callback() will be called at the end of
> mdio_unregister().
> 
> [...]

Here is the summary with links:
  - [net-next] net: mdio: get/put device node during (un)registration
    https://git.kernel.org/netdev/net-next/c/cff9c565e65f

You are awesome, thank you!
Russell King (Oracle) Jan. 2, 2024, 11:02 a.m. UTC | #2
On Wed, Dec 20, 2023 at 01:52:29AM -0300, Luiz Angelo Daros de Luca wrote:
> The __of_mdiobus_register() function was storing the device node in
> dev.of_node without increasing its reference count. It implicitly relied
> on the caller to maintain the allocated node until the mdiobus was
> unregistered.
> 
> Now, __of_mdiobus_register() will acquire the node before assigning it,
> and of_mdiobus_unregister_callback() will be called at the end of
> mdio_unregister().
> 
> Drivers can now release the node immediately after MDIO registration.
> Some of them are already doing that even before this patch.
> 
> Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

I don't like this, certainly not the use of a method prefixed by a
double-underscore, and neither the conditional nature of "putting"
this. That alone seems to point to there being more issues.

I also notice that netdev have applied this without *any* review from
phylib maintainers. Grr.

Indeed there are more issues with the refcounting here. If one looks at
drivers/net/phy/mdio_bus.c::of_mdiobus_link_mdiodev(), we find this:

                if (addr == mdiodev->addr) {
                        device_set_node(dev, of_fwnode_handle(child));
                        /* The refcount on "child" is passed to the mdio
                         * device. Do _not_ use of_node_put(child) here.
                         */
                        return;

but there is nowhere that this refcount is dropped. 

Really, the patch should be addressing the problem rather than putting
a sticky-plaster over just one instance of it.
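
To make the leak described above concrete, here is a small userspace toy model, not kernel code. It assumes the iterator takes a reference on each child and drops it when advancing, so the early return leaves one reference with the device. Every toy_* name is invented for this sketch.

```c
#include <assert.h>
#include <stddef.h>

#define TOY_NCHILD 3

/* Toy stand-in for struct device_node: an address and a reference count. */
struct toy_node {
	int addr;
	int refcount;
};

/* Toy stand-in for struct mdio_device. */
struct toy_mdiodev {
	int addr;
	struct toy_node *node;
};

/*
 * Models the loop quoted above: the iterator holds a reference on the
 * current child, so returning early hands that reference to the device.
 */
static void toy_link(struct toy_mdiodev *dev, struct toy_node *children)
{
	for (size_t i = 0; i < TOY_NCHILD; i++) {
		struct toy_node *child = &children[i];

		assert(child->refcount > 0);	/* node must still be alive */
		child->refcount++;		/* iterator takes a reference */
		if (child->addr == dev->addr) {
			dev->node = child;	/* reference passed to the device */
			return;
		}
		child->refcount--;		/* iterator drops it when advancing */
	}
}

/* Device teardown; drop_ref selects whether the handed-over reference is put. */
static void toy_remove(struct toy_mdiodev *dev, int drop_ref)
{
	if (drop_ref && dev->node)
		dev->node->refcount--;
	dev->node = NULL;
}

/* Returns the number of references leaked on the matched child. */
static int toy_leaked_refs(int drop_ref)
{
	struct toy_node children[TOY_NCHILD] = { {0, 1}, {1, 1}, {2, 1} };
	struct toy_mdiodev dev = { .addr = 1, .node = NULL };

	toy_link(&dev, children);
	toy_remove(&dev, drop_ref);
	return children[1].refcount - 1;
}
```

With drop_ref set to 0 (teardown never puts the node, as in the situation described above) the model leaves one extra reference on the matched child. With drop_ref set to 1 the count returns to its baseline.
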
Luiz Angelo Daros de Luca Jan. 2, 2024, 9:57 p.m. UTC | #3
> On Wed, Dec 20, 2023 at 01:52:29AM -0300, Luiz Angelo Daros de Luca wrote:
> > The __of_mdiobus_register() function was storing the device node in
> > dev.of_node without increasing its reference count. It implicitly relied
> > on the caller to maintain the allocated node until the mdiobus was
> > unregistered.
> >
> > Now, __of_mdiobus_register() will acquire the node before assigning it,
> > and of_mdiobus_unregister_callback() will be called at the end of
> > mdio_unregister().
> >
> > Drivers can now release the node immediately after MDIO registration.
> > Some of them are already doing that even before this patch.
> >
> > Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
>
> I don't like this, certainly not the use of a method prefixed by a
> double-underscore, and neither the conditional nature of "putting"
> this. That alone seems to point to there being more issues.

Thanks Russel.

At least one driver (bcm_sf2_mdio_register()) is writing directly to
mii_bus->dev.of_node and not using of_mdiobus_register(). We should
not put a node in the MDIO bus if the bus didn't get it before. That's
the reason for conditionally putting the node.

I wasn't sure about the names. What would be an appropriate name? The
same without the prefix? In order to put the node only when the bus
was registered by __of_mdiobus_register(), I opted for a callback, but
there might be a better approach.

> I also notice that netdev have applied this without *any* review from
> phylib maintainers. Grr.

Some reviews are required. Should we revert it?

> Indeed there are more issues with the refcounting here. If one looks at
> drivers/net/phy/mdio_bus.c::of_mdiobus_link_mdiodev(), we find this:
>
>                 if (addr == mdiodev->addr) {
>                         device_set_node(dev, of_fwnode_handle(child));
>                         /* The refcount on "child" is passed to the mdio
>                          * device. Do _not_ use of_node_put(child) here.
>                          */
>                         return;
>
> but there is nowhere that this refcount is dropped.

The same file where we have the get should also contain the put,
ideally in a reverse function like register/unregister. It is too easy
to miss a put that should happen in a different context.
fixed_phy_unregister() seems to be one case where the node is put after
phy_device_remove(), but I didn't investigate whether that put pairs
with a different of_node_get(). mdiobus_unregister_device() might be
a nice place for that put, but I'm not an expert in the MDIO API.

> Really, the patch should be addressing the problem rather than putting
> a sticky-plaster over just one instance of it.

I'm trying to address an issue I ran into while modifying a DSA
driver. We have drivers putting the node passed to of_mdiobus_register()
just after it returns. In my opinion, it feels more natural, and this
patch fixes that scenario.
Other drivers keep that reference until the driver is removed, which
might still be too soon without this patch. I guess putting the node
should happen between mdiobus_unregister() and mdiobus_free(). If the
driver uses the devm variants, it does not control the code between those
two calls and can only hope that putting the node as its last step is
enough.

I agree that the child node you pointed to should also be addressed.
However, I think they are two different but related issues. Any place
we see a device_set_node(), we should see an of_node_get() before it and
an of_node_put() when the device is gone.

Regards,

Luiz
Jakub Kicinski Jan. 3, 2024, 12:31 a.m. UTC | #4
On Tue, 2 Jan 2024 18:57:35 -0300 Luiz Angelo Daros de Luca wrote:
> > I also notice that netdev have applied this without *any* review from
> > phylib maintainers. Grr.  
> 
> Some reviews are required. Should we revert it?

Reverted.
Russell King (Oracle) Jan. 3, 2024, 10:22 a.m. UTC | #5
On Tue, Jan 02, 2024 at 06:57:35PM -0300, Luiz Angelo Daros de Luca wrote:
> > On Wed, Dec 20, 2023 at 01:52:29AM -0300, Luiz Angelo Daros de Luca wrote:
> > > The __of_mdiobus_register() function was storing the device node in
> > > dev.of_node without increasing its reference count. It implicitly relied
> > > on the caller to maintain the allocated node until the mdiobus was
> > > unregistered.
> > >
> > > Now, __of_mdiobus_register() will acquire the node before assigning it,
> > > and of_mdiobus_unregister_callback() will be called at the end of
> > > mdio_unregister().
> > >
> > > Drivers can now release the node immediately after MDIO registration.
> > > Some of them are already doing that even before this patch.
> > >
> > > Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
> >
> > I don't like this, certainly not the use of a method prefixed by a
> > double-underscore, and neither the conditional nature of "putting"
> > this. That alone seems to point to there being more issues.
> 
> Thanks Russel.

Hi Lewis,

> At least one driver (bcm_sf2_mdio_register()) is writing directly to
> mii_bus->dev.of_node and not using of_mdiobus_register(). We should
> not put a node in the MDIO bus if the bus didn't get it before. That's
> the reason for conditionally putting the node.

I agree with the idea that a node placed in a bus needs to have its
reference count increased beforehand, _unless_ the reference is being
passed in by the code doing the registration.

What I don't agree with is the conditional putting of the node. What
I think should have happened is a review of all the code, and either
a justification needed to be put forward (and considered *before*
this patch was merged) about why to do this conditionally, _or_ all
the places where the refcounting is not correct get fixed at the
same time.

Adding this conditional mechanism adds more complexity which makes
the situation more difficult to analyse and fix later.

> I wasn't sure about the names. What would be an appropriate name? The
> same without the prefix? In order to put the node only when the bus
> was registered by __of_mdiobus_register(), I opted for a callback, but
> there might be a better approach.

Normally, the callback is just named "release".

> > I also notice that netdev have applied this without *any* review from
> > phylib maintainers. Grr.
> 
> Some reviews are required. Should we revert it?

Clearly reviews are needed, even more so as there is indeed an issue
with this patch. Looking at __of_mdiobus_register(), let's assume
__mdiobus_register() succeeds. While scanning the PHYs, we hit an
error that causes us to head to the unregister label.

This calls mdiobus_unregister(), which calls your
bus->__unregister_callback function, which puts the node. When that
returns, we continue past the "put_node" label, which does *another*
of_node_put() on the same node.

So, this patch has traded a lack-of-get for a double-put bug. Given
that it wasn't reviewed before being applied, and I think we can do
much better, I am definitely in the mindset that it should be reverted.
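
The double put can be reproduced in a userspace toy model that mirrors only the control flow described above. This is a sketch, not kernel code, and all toy_* names are invented for illustration.

```c
#include <assert.h>
#include <stddef.h>

/* Toy stand-in for struct device_node: only the refcount is modelled. */
struct toy_node {
	int refcount;
};

static void toy_node_get(struct toy_node *np)
{
	assert(np->refcount > 0);	/* taking a ref on a dead node is a bug */
	np->refcount++;
}

static void toy_node_put(struct toy_node *np)
{
	np->refcount--;
}

/* Toy stand-in for struct mii_bus with the callback the patch added. */
struct toy_bus {
	struct toy_node *node;
	void (*unregister_callback)(struct toy_bus *bus);
};

static void toy_unregister_callback(struct toy_bus *bus)
{
	toy_node_put(bus->node);
}

static void toy_bus_unregister(struct toy_bus *bus)
{
	if (bus->unregister_callback)
		bus->unregister_callback(bus);
}

/*
 * Mirrors the patched __of_mdiobus_register() flow. scan_fails selects
 * the path where the bus registers but the PHY scan then errors out.
 */
static int toy_of_register(struct toy_bus *bus, struct toy_node *np,
			   int scan_fails)
{
	bus->unregister_callback = toy_unregister_callback;
	toy_node_get(np);		/* the reference added by the patch */
	bus->node = np;

	if (!scan_fails)
		return 0;

	/* "unregister" label: the callback drops the reference ... */
	toy_bus_unregister(bus);
	/* ... and falling through to "put_node" drops it a second time. */
	toy_node_put(np);
	return -1;
}

/* Returns the change in refcount seen by the caller after one attempt. */
static int toy_refcount_delta(int scan_fails)
{
	struct toy_node np = { .refcount = 1 };	/* the caller's own reference */
	struct toy_bus bus = { 0 };

	toy_of_register(&bus, &np, scan_fails);
	return np.refcount - 1;
}
```

On the success path the bus ends up holding one extra reference, as intended. On the scan-failure path the count ends one below where it started, meaning the caller's own reference has been consumed.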

> > Indeed there are more issues with the refcounting here. If one looks at
> > drivers/net/phy/mdio_bus.c::of_mdiobus_link_mdiodev(), we find this:
> >
> >                 if (addr == mdiodev->addr) {
> >                         device_set_node(dev, of_fwnode_handle(child));
> >                         /* The refcount on "child" is passed to the mdio
> >                          * device. Do _not_ use of_node_put(child) here.
> >                          */
> >                         return;
> >
> > but there is nowhere that this refcount is dropped.
> 
> The same file where we have the get should also contain the put,
> ideally in a reverse function like register/unregister.

Not necessarily true. There are cases where we need the node to hang
around until the device is actually released, so putting the node in
the release callback for the device tends to be the best place. The
rule for all devices of that class then becomes that the node must be
"got" before assigning them to the device which then becomes easy to
audit.
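
A userspace toy model of that rule: the node is "got" when it is assigned to the device and "put" only in the device's release callback. It is a sketch under simplifying assumptions, not the driver core, and all toy_* names are made up.

```c
#include <assert.h>
#include <stddef.h>

/* Toy stand-in for struct device_node. */
struct toy_node {
	int refcount;
};

/* Toy stand-in for struct device with a release callback. */
struct toy_device {
	int refcount;
	struct toy_node *node;
	void (*release)(struct toy_device *dev);
};

static void toy_release(struct toy_device *dev)
{
	dev->node->refcount--;		/* the put lives in the release callback */
	dev->node = NULL;
}

static void toy_device_init(struct toy_device *dev, struct toy_node *np)
{
	assert(np->refcount > 0);	/* node must be alive when assigned */
	np->refcount++;			/* rule: "get" before assigning */
	dev->node = np;
	dev->refcount = 1;
	dev->release = toy_release;
}

static void toy_device_get(struct toy_device *dev)
{
	dev->refcount++;
}

static void toy_device_put(struct toy_device *dev)
{
	if (--dev->refcount == 0)
		dev->release(dev);
}

/* Returns the node refcount observed at the point chosen by stage. */
static int toy_node_refs_at(int stage)
{
	struct toy_node np = { .refcount = 1 };	/* creator's reference */
	struct toy_device dev;

	toy_device_init(&dev, &np);
	toy_device_get(&dev);		/* someone else still holds the device */
	np.refcount--;			/* creator drops its own node reference */
	if (stage == 0)
		return np.refcount;

	toy_device_put(&dev);		/* "unregister": creator's device ref goes */
	if (stage == 1)
		return np.refcount;

	toy_device_put(&dev);		/* last holder lets go; release runs */
	return np.refcount;
}
```

In this model the node stays referenced after the creator has dropped its own reference and after "unregister". It is released only when the last device reference goes away.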

> I'm trying to address an issue I ran into while modifying a DSA
> driver. We have drivers putting the node passed to of_mdiobus_register()
> just after it returns. In my opinion, it feels more natural, and this
> patch fixes that scenario.

I agree with that approach, but as you rightly point out, we need MDIO
to behave correctly, and I don't think that patching just one bit of
MDIO to fix this mess is the right approach.

Jakub: please revert, if that's still possible.
Russell King (Oracle) Jan. 3, 2024, 12:01 p.m. UTC | #6
On Wed, Jan 03, 2024 at 10:22:00AM +0000, Russell King (Oracle) wrote:
> I agree with that approach, but as you rightly point out, we need MDIO
> to behave correctly, and I don't think that patching just one bit of
> MDIO to fix this mess is the right approach.

This is probably a safer approach: it ensures that the firmware node
reference isn't dropped while the bus exists by always taking a
reference at register time. It also likely fixes similar issues with
ACPI and swnode based users as well.

It doesn't deal with the excess-refcount problem, as with this approach
the two issues are entirely independent of each other.

Please test to check that this addresses your issue. Thanks.

diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 6cf73c15635b..afbad1ad8683 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -193,6 +193,10 @@ static void mdiobus_release(struct device *d)
 	     bus->state != MDIOBUS_ALLOCATED,
 	     "%s: not in RELEASED or ALLOCATED state\n",
 	     bus->id);
+
+	if (bus->state == MDIOBUS_RELEASED)
+		fwnode_handle_put(dev_fwnode(d));
+
 	kfree(bus);
 }
 
@@ -684,6 +688,15 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner)
 	bus->dev.groups = NULL;
 	dev_set_name(&bus->dev, "%s", bus->id);
 
+	/* If the bus state is allocated, we're registering a fresh bus
+	 * that may have a fwnode associated with it. Grab a reference
+	 * to the fwnode. This will be dropped when the bus is released.
+	 * If the bus was set to unregistered, it means that the bus was
+	 * previously registered, and we've already grabbed a reference.
+	 */
+	if (bus->state == MDIOBUS_ALLOCATED)
+		fwnode_handle_get(dev_fwnode(&bus->dev));
+
 	/* We need to set state to MDIOBUS_UNREGISTERED to correctly release
 	 * the device in mdiobus_free()
 	 *
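
The state checks in the diff above can be exercised in a userspace toy model. This is a simplified sketch, not the kernel code: registration is collapsed into a single state change, and the free path is assumed to skip the put for a bus that was never registered. All toy_* names are invented.

```c
#include <assert.h>
#include <stddef.h>

enum toy_state {
	TOY_ALLOCATED,
	TOY_REGISTERED,
	TOY_UNREGISTERED,
	TOY_RELEASED,
};

/* Toy stand-in for struct fwnode_handle. */
struct toy_fwnode {
	int refcount;
};

/* Toy stand-in for struct mii_bus. */
struct toy_bus {
	enum toy_state state;
	struct toy_fwnode *fwnode;
};

static void toy_register(struct toy_bus *bus)
{
	/* Only a fresh bus takes a reference; a re-registration holds one. */
	if (bus->state == TOY_ALLOCATED && bus->fwnode) {
		assert(bus->fwnode->refcount > 0);
		bus->fwnode->refcount++;
	}
	bus->state = TOY_REGISTERED;
}

static void toy_unregister(struct toy_bus *bus)
{
	bus->state = TOY_UNREGISTERED;
}

static void toy_release(struct toy_bus *bus)
{
	/* Put only if a registration ever took the reference. */
	if (bus->state == TOY_RELEASED && bus->fwnode)
		bus->fwnode->refcount--;
}

static void toy_free(struct toy_bus *bus)
{
	/* A never-registered bus stays ALLOCATED, so release is a no-op. */
	if (bus->state != TOY_ALLOCATED)
		bus->state = TOY_RELEASED;
	toy_release(bus);
}

/*
 * Registers and unregisters the bus cycles times, then frees it.
 * Stores the refcount seen while registered (or the initial count if
 * never registered) in *peak and returns the refcount left afterwards.
 */
static int toy_lifecycle(int cycles, int *peak)
{
	struct toy_fwnode fw = { .refcount = 1 };	/* caller's reference */
	struct toy_bus bus = { .state = TOY_ALLOCATED, .fwnode = &fw };

	*peak = fw.refcount;
	for (int i = 0; i < cycles; i++) {
		toy_register(&bus);
		*peak = fw.refcount;
		toy_unregister(&bus);
	}
	toy_free(&bus);
	return fw.refcount;
}
```

In this model the count is balanced whether the bus is never registered, registered once, or registered again after an unregister, and the bus never holds more than one reference of its own.
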
Luiz Angelo Daros de Luca Jan. 3, 2024, 9:50 p.m. UTC | #7
> Please test to check that this addresses your issue. Thanks.
>
> diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
> index 6cf73c15635b..afbad1ad8683 100644
> --- a/drivers/net/phy/mdio_bus.c
> +++ b/drivers/net/phy/mdio_bus.c
> @@ -193,6 +193,10 @@ static void mdiobus_release(struct device *d)
>              bus->state != MDIOBUS_ALLOCATED,
>              "%s: not in RELEASED or ALLOCATED state\n",
>              bus->id);
> +
> +       if (bus->state == MDIOBUS_RELEASED)
> +               fwnode_handle_put(dev_fwnode(d));
> +
>         kfree(bus);
>  }
>
> @@ -684,6 +688,15 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner)
>         bus->dev.groups = NULL;
>         dev_set_name(&bus->dev, "%s", bus->id);
>
> +       /* If the bus state is allocated, we're registering a fresh bus
> +        * that may have a fwnode associated with it. Grab a reference
> +        * to the fwnode. This will be dropped when the bus is released.
> +        * If the bus was set to unregistered, it means that the bus was
> +        * previously registered, and we've already grabbed a reference.
> +        */
> +       if (bus->state == MDIOBUS_ALLOCATED)
> +               fwnode_handle_get(dev_fwnode(&bus->dev));
> +
>         /* We need to set state to MDIOBUS_UNREGISTERED to correctly release
>          * the device in mdiobus_free()
>          *
> --

Thanks Russel. It is much better than my approach. You simply get/put
during registration/unregistration when a node is defined, no matter
who defined it (of_mdiobus_register or anything else). Clean and
simple.

Regards,

Luiz
Patch

diff --git a/drivers/net/mdio/of_mdio.c b/drivers/net/mdio/of_mdio.c
index 64ebcb6d235c..9b6cab6154e0 100644
--- a/drivers/net/mdio/of_mdio.c
+++ b/drivers/net/mdio/of_mdio.c
@@ -139,6 +139,11 @@  bool of_mdiobus_child_is_phy(struct device_node *child)
 }
 EXPORT_SYMBOL(of_mdiobus_child_is_phy);
 
+static void __of_mdiobus_unregister_callback(struct mii_bus *mdio)
+{
+	of_node_put(mdio->dev.of_node);
+}
+
 /**
  * __of_mdiobus_register - Register mii_bus and create PHYs from the device tree
  * @mdio: pointer to mii_bus structure
@@ -166,6 +171,8 @@  int __of_mdiobus_register(struct mii_bus *mdio, struct device_node *np,
 	 * the device tree are populated after the bus has been registered */
 	mdio->phy_mask = ~0;
 
+	mdio->__unregister_callback = __of_mdiobus_unregister_callback;
+	of_node_get(np);
 	device_set_node(&mdio->dev, of_fwnode_handle(np));
 
 	/* Get bus level PHY reset GPIO details */
@@ -177,7 +184,7 @@  int __of_mdiobus_register(struct mii_bus *mdio, struct device_node *np,
 	/* Register the MDIO bus */
 	rc = __mdiobus_register(mdio, owner);
 	if (rc)
-		return rc;
+		goto put_node;
 
 	/* Loop over the child nodes and register a phy_device for each phy */
 	for_each_available_child_of_node(np, child) {
@@ -237,6 +244,9 @@  int __of_mdiobus_register(struct mii_bus *mdio, struct device_node *np,
 unregister:
 	of_node_put(child);
 	mdiobus_unregister(mdio);
+
+put_node:
+	of_node_put(np);
 	return rc;
 }
 EXPORT_SYMBOL(__of_mdiobus_register);
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 25dcaa49ab8b..1229b8e4c53b 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -787,6 +787,9 @@  void mdiobus_unregister(struct mii_bus *bus)
 		gpiod_set_value_cansleep(bus->reset_gpiod, 1);
 
 	device_del(&bus->dev);
+
+	if (bus->__unregister_callback)
+		bus->__unregister_callback(bus);
 }
 EXPORT_SYMBOL(mdiobus_unregister);
 
diff --git a/include/linux/phy.h b/include/linux/phy.h
index e5f1f41e399c..2b383da4d825 100644
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
@@ -433,6 +433,9 @@  struct mii_bus {
 
 	/** @shared: shared state across different PHYs */
 	struct phy_package_shared *shared[PHY_MAX_ADDR];
+
+	/** @__unregister_callback: called at the last step of unregistration */
+	void (*__unregister_callback)(struct mii_bus *bus);
 };
 #define to_mii_bus(d) container_of(d, struct mii_bus, dev)