Re: [PATCH 1/2] thunderbolt: Fix a leak in tb_retimer_add()
From: Mika Westerberg
Date: Mon Mar 29 2021 - 11:06:57 EST
On Mon, Mar 29, 2021 at 11:54:05AM -0300, Jason Gunthorpe wrote:
> On Mon, Mar 29, 2021 at 05:43:23PM +0300, Mika Westerberg wrote:
>
> > The nvm is a separate (physical Linux) device that gets added under this
> > one. It cannot be added before AFAICT.
>
> Hum, yes, but then it is odd that a parent is holding sysfs attributes
> that refer to a child.
Well the child (NVMem) comes from completely different subsystem that
does not have a concept of "authentication" or anythin similar. This is
what we add on top. We actually exposer two NVMem devices under each
retimer: one that is the current active one, and then the one that is
used to write the new firmware image.
> > The code you refer actually looks like this:
> >
> > static ssize_t nvm_authenticate_store(struct device *dev,
> > struct device_attribute *attr, const char *buf, size_t count)
> > {
> > ...
> > if (!mutex_trylock(&rt->tb->lock)) {
> > ret = restart_syscall();
> > goto exit_rpm;
> > }
>
> Is that lock held during tb_retimer_nvm_add() I looked for a bit and
> didn't find something. So someplace more than 4 call site above
> mandatory locking is being held?
Yes it is. It is called from tb_scan_port() where that lock is held.
> static void tb_retimer_remove(struct tb_retimer *rt)
> {
> dev_info(&rt->dev, "retimer disconnected\n");
> tb_nvm_free(rt->nvm);
> device_unregister(&rt->dev);
> }
>
> Here too?
Yes.
> And this is why it is all trylock because it deadlocks with unregister
> otherwise?
I tried to explain it in 09f11b6c99fe ("thunderbolt: Take domain lock in
switch sysfs attribute callbacks"), except that at that time we did not
have retimers exposed but the same applies here too.