Re: [PATCH] Input: serio - fix O(n^2) complexity in serio_unregister_driver()

Next message: Yury Norov: "Re: [PATCH v2 03/17] cpumask: Introduce cpu_preferred_mask"
Previous message: Sen Wang: "Re: [PATCH] drm/bridge: sii902x: Add Power Management hooks with audio context"
In reply to: Dmitry Torokhov: "Re: [PATCH] Input: serio - fix O(n^2) complexity in serio_unregister_driver()"
Next in thread: Mohamad Raizudeen: "Re: [PATCH] Input: serio - fix O(n^2) complexity in serio_unregister_driver()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dmitry Torokhov

Date: Wed Apr 08 2026 - 13:56:41 EST

On Wed, Apr 08, 2026 at 11:21:30PM +0530, Mohamad Raizudeen wrote:
> Hi Dmitry,

Please do not top-post.

>
> *We do not have such setups at the moment, but what about parent's parent's
> parent?*
> You are right. Even though we don't have such setups today, let me explain
> why the patch works for arbitrary depth.
>
> If we have three ports linked like A->B->C (A is top, B is child of A, C is
> child of B) and all use the same driver.

What happens if B uses different driver from A?

>
> C sees its parent B is using the same driver, skip C
> B sees its parent A is using the same driver, skip B
> A has no parent using the same driver, collect A
>
> When we disconnect A, it automatically destroys B and C. So all ports are
> cleaned up. The logic works for any number of levels.
>
> * Could you explain more about the use-after-free scenario?*
> If we collected both A and B, disconnecting A would free B. Then when we
> try to process B from the list, we would use memory that is already freed
> that leads to crash. My patch avoids this by never collecting a port whose
> parent is also using the same driver.

But currently we restart scanning the list, so there won't be any stale
entries. How would we end up with touching freed memory?

Thanks.

--
Dmitry