Re: [PATCH v2] bluetooth: bcm203x: update the reference count of udev

From: Alan Stern
Date: Mon Aug 02 2021 - 16:16:24 EST


On Mon, Aug 02, 2021 at 08:34:11PM +0100, Salah Triki wrote:
> On Sun, Aug 01, 2021 at 08:01:06PM +0200, Marcel Holtmann wrote:
> > Hi Salah,
> >
> > > Use usb_get_dev() to increment the reference count of the usb device
> > > structure in order to avoid releasing the structure while it is still in
> > > use. And use usb_put_dev() to decrement the reference count and thus,
> > > when it reaches 0, the structure will be released.
> > >
> > > Signed-off-by: Salah Triki <salah.triki@xxxxxxxxx>
> > > ---
> > > Change since v1:
> > > Modification of the description
> > >
> > > drivers/bluetooth/bcm203x.c | 4 +++-
> > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/bluetooth/bcm203x.c b/drivers/bluetooth/bcm203x.c
> > > index e667933c3d70..547d35425d70 100644
> > > --- a/drivers/bluetooth/bcm203x.c
> > > +++ b/drivers/bluetooth/bcm203x.c
> > > @@ -166,7 +166,7 @@ static int bcm203x_probe(struct usb_interface *intf, const struct usb_device_id
> > > if (!data)
> > > return -ENOMEM;
> > >
> > > - data->udev = udev;
> > > + data->udev = usb_get_dev(udev);
> > > data->state = BCM203X_LOAD_MINIDRV;
> > >
> > > data->urb = usb_alloc_urb(0, GFP_KERNEL);
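Review bot: taking the reference at `data->udev = usb_get_dev(udev);` means every failure return later in bcm203x_probe() now has to drop it again, and the hunk shows `data->urb = usb_alloc_urb(0, GFP_KERNEL);` immediately afterwards; its error path (outside the visible context) would leak the device reference unless it gains a matching usb_put_dev(). Either add the usb_put_dev() to those error paths or move the usb_get_dev() to after the last allocation that can fail.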
> > > @@ -244,6 +244,8 @@ static void bcm203x_disconnect(struct usb_interface *intf)
> > >
> > > usb_set_intfdata(intf, NULL);
> > >
> > > + usb_put_dev(data->udev);
> > > +
> > > usb_free_urb(data->urb);
> > > kfree(data->fw_data);
> > > kfree(data->buffer);
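Review bot: the added usb_put_dev(data->udev) sits before usb_free_urb() and the kfree() calls rather than at the end of bcm203x_disconnect(); if any later teardown in this function still touches data->udev (the remainder is outside the visible context), it would run after the reference has been dropped. Placing the put as the last statement before the final kfree(data) keeps the device pinned for the whole teardown. The commit message should also name the concrete scenario this get/put pair protects against, since the reply below argues the USB core already keeps the device alive until disconnect() returns.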
> >
> > I do not understand this. If this is something broken, then it is broken in
> > btusb.c as well and that driver is heavily used by all sorts of devices. So
> > we should have seen bug reports about this.
> >
> > Regards
> >
> > Marcel
> >
> Hi Marcel,
>
> The patch is based on the following documentation of usb_get_dev():
>
> [quote]
> Each live reference to a device should be refcounted.
>
> Drivers for USB interfaces should normally record such references in their
> probe() methods, when they bind to an interface, and release them by calling
> usb_put_dev(), in their disconnect() methods.
> [/quote]

That documentation is incorrect. It is not necessary for drivers to
take a reference to the devices they are bound to. Properly written
subsystems will guarantee that the driver is unbound from the device
before the device is released.

To put it another way, if failure to take such a reference leads to an
invalid memory access then there is a bug in the subsystem, not in the
driver.

Rather than changing the bcm203x driver, you should consider getting rid
of the unnecessary advice in the documentation of usb_get_dev.

Alan Stern