[PATCH 2/4] cxl/mem: Fix cdev_device_add() error handling

From: Dan Williams
Date: Wed Mar 24 2021 - 17:02:58 EST

Next message: Dan Williams: "[PATCH 3/4] cxl/mem: Do not rely on device_add() side effects for dev_set_name() failures"
Previous message: Dan Williams: "[PATCH 4/4] cxl/mem: Disable cxl device power management"
In reply to: Dan Williams: "[PATCH 4/4] cxl/mem: Disable cxl device power management"
Next in thread: Jason Gunthorpe: "Re: [PATCH 2/4] cxl/mem: Fix cdev_device_add() error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If cdev_device_add() fails then the allocation performed by
dev_set_name() is leaked. Use put_device(), not open coded release, for
device_add() failures.

The comment is obsolete because direct err_id failures need not worry
about the device being live.

The release method expects the percpu_ref is already dead, so
percpu_ref_kill() is needed before put_device(). However, given that the
cdev was partially live wait_for_completion() also belongs in the
release method.

Fixes: b39cb1052a5c ("cxl/mem: Register CXL memX devices")
Reported-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
---
drivers/cxl/mem.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/drivers/cxl/mem.c b/drivers/cxl/mem.c
index 30bf4f0f3c17..e53d573ae4ab 100644
--- a/drivers/cxl/mem.c
+++ b/drivers/cxl/mem.c
@@ -1049,6 +1049,7 @@ static void cxl_memdev_release(struct device *dev)
{
struct cxl_memdev *cxlmd = to_cxl_memdev(dev);

+ wait_for_completion(&cxlmd->ops_dead);
percpu_ref_exit(&cxlmd->ops_active);
ida_free(&cxl_memdev_ida, cxlmd->id);
kfree(cxlmd);
@@ -1157,7 +1158,6 @@ static void cxlmdev_unregister(void *_cxlmd)

percpu_ref_kill(&cxlmd->ops_active);
cdev_device_del(&cxlmd->cdev, dev);
- wait_for_completion(&cxlmd->ops_dead);
cxlmd->cxlm = NULL;
put_device(dev);
}
@@ -1210,20 +1210,16 @@ static int cxl_mem_add_memdev(struct cxl_mem *cxlm)
cdev_init(cdev, &cxl_memdev_fops);

rc = cdev_device_add(cdev, dev);
- if (rc)
- goto err_add;
+ if (rc) {
+ percpu_ref_kill(&cxlmd->ops_active);
+ put_device(dev);
+ return rc;
+ }

return devm_add_action_or_reset(dev->parent, cxlmdev_unregister, cxlmd);

-err_add:
- ida_free(&cxl_memdev_ida, cxlmd->id);
err_id:
- /*
- * Theoretically userspace could have already entered the fops,
- * so flush ops_active.
- */
percpu_ref_kill(&cxlmd->ops_active);
- wait_for_completion(&cxlmd->ops_dead);
percpu_ref_exit(&cxlmd->ops_active);
err_ref:
kfree(cxlmd);

Next message: Dan Williams: "[PATCH 3/4] cxl/mem: Do not rely on device_add() side effects for dev_set_name() failures"
Previous message: Dan Williams: "[PATCH 4/4] cxl/mem: Disable cxl device power management"
In reply to: Dan Williams: "[PATCH 4/4] cxl/mem: Disable cxl device power management"
Next in thread: Jason Gunthorpe: "Re: [PATCH 2/4] cxl/mem: Fix cdev_device_add() error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]