Re: [PATCH -next] i3c: master: svc: drop free_irq of devm_request_irq allocated irq

From: Miquel Raynal
Date: Thu May 27 2021 - 10:41:03 EST


Hi Yang,

Yang Yingliang <yangyingliang@xxxxxxxxxx> wrote on Thu, 27 May 2021
21:49:53 +0800:

> Hi,
>
> On 2021/5/27 18:01, Miquel Raynal wrote:
> > Hi Yang,
> >
> > Yang Yingliang <yangyingliang@xxxxxxxxxx> wrote on Tue, 18 May 2021
> > 21:11:27 +0800:
> >
> >> irq allocated with devm_request_irq should not be freed using
> >> free_irq, because doing so causes a dangling pointer, and a
> >> subsequent double free.
> >>
> >> Reported-by: Hulk Robot <hulkci@xxxxxxxxxx>
> >> Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
> >> ---
> >> drivers/i3c/master/svc-i3c-master.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c
> >> index 1f6ba4221817..761c9c468357 100644
> >> --- a/drivers/i3c/master/svc-i3c-master.c
> >> +++ b/drivers/i3c/master/svc-i3c-master.c
> >> @@ -1448,7 +1448,7 @@ static int svc_i3c_master_remove(struct platform_device *pdev)
> >> if (ret)
> >> return ret;
> >> >> - free_irq(master->irq, master);
> >> + devm_free_irq(&pdev->dev, master->irq, master);
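Review bot: The subject says the free_irq() is dropped, but in svc_i3c_master_remove() the call is only replaced by devm_free_irq(&pdev->dev, master->irq, master), so an explicit release stays in the remove path. If the IRQ was requested with devm_request_irq(), as the commit message states, consider deleting the line instead, or state in the commit message why the handler has to be released at this point in remove() rather than with the rest of the device-managed resources.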
> > Wouldn't removing this call be the right solution? If it's a device
> > managed resource, it won't probably be needed to free it explicitly in
> > the remove path.
> Some drivers would expect to free irq itself,

I don't get it. Drivers do not expect anything, they should just comply
with the API. If robots complain because a device managed resource is
being freed without the device managed helper, this does not mean that
the resource should explicitly be freed, it just means that *if* it
must be explicitly freed, the wrong helper is being used.

> I am not sure if it's ok to remove the free_irq() in i3c,

What is the link with I3C? Sorry I might be missing something but
master->irq is a driver variable, I don't get the link with the I3C
framework and why it would interfere.

> I just keep the original logic here and avoid double free.

I don't think it is sane. Calling devm_free_irq() maybe is the right
solution - I don't feel like it is - but you certainly can't hide
behind a 'I just want the robots to be happy' justification. Hiding
bugs on purpose is not something that I personally appreciate much.

Thanks,
Miquèl
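
A user-space model of the three remove-path variants discussed in this thread (plain free_irq(), devm_free_irq(), and no explicit call), as an added example that is not part of the original mail or of the svc-i3c-master driver. The `model_*` functions, `run_lifecycle` and the enum names are hypothetical, and the devres list is reduced to a single flag for one IRQ line.

```c
#include <stdio.h>
/* User-space model (assumption): one IRQ line, devres reduced to a flag. */
struct model {
    int registered; /* handler currently installed */
    int devres;     /* devres entry for the IRQ still on the device's list */
    int bad_frees;  /* frees issued while no handler is installed */
};

static void model_free_irq(struct model *m)
{
    if (!m->registered)
        m->bad_frees++; /* second free of the same line */
    m->registered = 0;
}

static void model_devm_free_irq(struct model *m)
{
    m->devres = 0;      /* drop the devres entry, then free once */
    model_free_irq(m);
}

/* Runs after remove() returns: frees whatever devres still tracks. */
static void model_devres_release_all(struct model *m)
{
    if (m->devres)
        model_devm_free_irq(m);
}

enum remove_variant { USE_FREE_IRQ, USE_DEVM_FREE_IRQ, NO_EXPLICIT_FREE };

/* probe -> remove -> devres release; returns the number of invalid frees. */
static int run_lifecycle(enum remove_variant v)
{
    /* probe: devm_request_irq() installs the handler and records it */
    struct model m = { .registered = 1, .devres = 1 };
    if (v == USE_FREE_IRQ)
        model_free_irq(&m);      /* devres entry left behind */
    else if (v == USE_DEVM_FREE_IRQ)
        model_devm_free_irq(&m);
    model_devres_release_all(&m);
    return m.bad_frees;
}

int main(void)
{
    printf("free_irq=%d devm_free_irq=%d no_call=%d\n", run_lifecycle(USE_FREE_IRQ),
           run_lifecycle(USE_DEVM_FREE_IRQ), run_lifecycle(NO_EXPLICIT_FREE));
    return 0;
}
```

Only the plain free_irq() variant produces a second free in this model; the other two differ solely in when the single free happens, before or after the rest of remove().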