LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH v2] bluetooth: bcm203x: update the reference count of udev
@ 2021-07-31 15:41 Salah Triki
  2021-08-01 18:01 ` Marcel Holtmann
  0 siblings, 1 reply; 4+ messages in thread
From: Salah Triki @ 2021-07-31 15:41 UTC (permalink / raw)
  To: Marcel Holtmann, Johan Hedberg, Luiz Augusto von Dentz, gregkh
  Cc: linux-bluetooth, linux-kernel

Use usb_get_dev() to increment the reference count of the usb device
structure in order to avoid releasing the structure while it is still in
use. And use usb_put_dev() to decrement the reference count and thus,
when it will be equal to 0 the structure will be released.

Signed-off-by: Salah Triki <salah.triki@gmail.com>
---
Change since v1:
	Modification of the description

 drivers/bluetooth/bcm203x.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/bluetooth/bcm203x.c b/drivers/bluetooth/bcm203x.c
index e667933c3d70..547d35425d70 100644
--- a/drivers/bluetooth/bcm203x.c
+++ b/drivers/bluetooth/bcm203x.c
@@ -166,7 +166,7 @@ static int bcm203x_probe(struct usb_interface *intf, const struct usb_device_id
 	if (!data)
 		return -ENOMEM;
 
-	data->udev  = udev;
+	data->udev  = usb_get_dev(udev);
 	data->state = BCM203X_LOAD_MINIDRV;
 
 	data->urb = usb_alloc_urb(0, GFP_KERNEL);
@@ -244,6 +244,8 @@ static void bcm203x_disconnect(struct usb_interface *intf)
 
 	usb_set_intfdata(intf, NULL);
 
+	usb_put_dev(data->udev);
+
 	usb_free_urb(data->urb);
 	kfree(data->fw_data);
 	kfree(data->buffer);
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] bluetooth: bcm203x: update the reference count of udev
  2021-07-31 15:41 [PATCH v2] bluetooth: bcm203x: update the reference count of udev Salah Triki
@ 2021-08-01 18:01 ` Marcel Holtmann
  2021-08-02 19:34   ` Salah Triki
  0 siblings, 1 reply; 4+ messages in thread
From: Marcel Holtmann @ 2021-08-01 18:01 UTC (permalink / raw)
  To: Salah Triki
  Cc: Johan Hedberg, Luiz Augusto von Dentz, Greg Kroah-Hartman, BlueZ,
	open list, Alan Stern, Oliver Neukum

Hi Salah,

> Use usb_get_dev() to increment the reference count of the usb device
> structure in order to avoid releasing the structure while it is still in
> use. And use usb_put_dev() to decrement the reference count and thus,
> when it will be equal to 0 the structure will be released.
> 
> Signed-off-by: Salah Triki <salah.triki@gmail.com>
> ---
> Change since v1:
> 	Modification of the description
> 
> drivers/bluetooth/bcm203x.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/bluetooth/bcm203x.c b/drivers/bluetooth/bcm203x.c
> index e667933c3d70..547d35425d70 100644
> --- a/drivers/bluetooth/bcm203x.c
> +++ b/drivers/bluetooth/bcm203x.c
> @@ -166,7 +166,7 @@ static int bcm203x_probe(struct usb_interface *intf, const struct usb_device_id
> 	if (!data)
> 		return -ENOMEM;
> 
> -	data->udev  = udev;
> +	data->udev  = usb_get_dev(udev);
> 	data->state = BCM203X_LOAD_MINIDRV;
> 
> 	data->urb = usb_alloc_urb(0, GFP_KERNEL);
> @@ -244,6 +244,8 @@ static void bcm203x_disconnect(struct usb_interface *intf)
> 
> 	usb_set_intfdata(intf, NULL);
> 
> +	usb_put_dev(data->udev);
> +
> 	usb_free_urb(data->urb);
> 	kfree(data->fw_data);
> 	kfree(data->buffer);

I do not understand this. If this is something broken, then it is broken in
btusb.c as well and that driver is heavily used by all sorts of devices. So
we should have seen bug reports about this.

Regards

Marcel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] bluetooth: bcm203x: update the reference count of udev
  2021-08-01 18:01 ` Marcel Holtmann
@ 2021-08-02 19:34   ` Salah Triki
  2021-08-02 20:16     ` Alan Stern
  0 siblings, 1 reply; 4+ messages in thread
From: Salah Triki @ 2021-08-02 19:34 UTC (permalink / raw)
  To: Marcel Holtmann
  Cc: Johan Hedberg, Luiz Augusto von Dentz, Greg Kroah-Hartman,
	open list, Alan Stern, Oliver Neukum

On Sun, Aug 01, 2021 at 08:01:06PM +0200, Marcel Holtmann wrote:
> Hi Salah,
> 
> > Use usb_get_dev() to increment the reference count of the usb device
> > structure in order to avoid releasing the structure while it is still in
> > use. And use usb_put_dev() to decrement the reference count and thus,
> > when it will be equal to 0 the structure will be released.
> > 
> > Signed-off-by: Salah Triki <salah.triki@gmail.com>
> > ---
> > Change since v1:
> > 	Modification of the description
> > 
> > drivers/bluetooth/bcm203x.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/bluetooth/bcm203x.c b/drivers/bluetooth/bcm203x.c
> > index e667933c3d70..547d35425d70 100644
> > --- a/drivers/bluetooth/bcm203x.c
> > +++ b/drivers/bluetooth/bcm203x.c
> > @@ -166,7 +166,7 @@ static int bcm203x_probe(struct usb_interface *intf, const struct usb_device_id
> > 	if (!data)
> > 		return -ENOMEM;
> > 
> > -	data->udev  = udev;
> > +	data->udev  = usb_get_dev(udev);
> > 	data->state = BCM203X_LOAD_MINIDRV;
> > 
> > 	data->urb = usb_alloc_urb(0, GFP_KERNEL);
> > @@ -244,6 +244,8 @@ static void bcm203x_disconnect(struct usb_interface *intf)
> > 
> > 	usb_set_intfdata(intf, NULL);
> > 
> > +	usb_put_dev(data->udev);
> > +
> > 	usb_free_urb(data->urb);
> > 	kfree(data->fw_data);
> > 	kfree(data->buffer);
> 
> I do not understand this. If this is something broken, then it is broken in
> btusb.c as well and that driver is heavily used by all sorts of devices. So
> we should have seen bug reports about this.
> 
> Regards
> 
> Marcel
> 
Hi Marcel,

The patch is based on the following documentation of usb_get_dev():

[quote]
Each live reference to a device should be refcounted.

Drivers for USB interfaces should normally record such references in their
probe() methods, when they bind to an interface, and release them by calling 
usb_put_dev(), in their disconnect() methods.
[/quote]

Regards

Salah

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] bluetooth: bcm203x: update the reference count of udev
  2021-08-02 19:34   ` Salah Triki
@ 2021-08-02 20:16     ` Alan Stern
  0 siblings, 0 replies; 4+ messages in thread
From: Alan Stern @ 2021-08-02 20:16 UTC (permalink / raw)
  To: Salah Triki
  Cc: Marcel Holtmann, Johan Hedberg, Luiz Augusto von Dentz,
	Greg Kroah-Hartman, open list, Oliver Neukum

On Mon, Aug 02, 2021 at 08:34:11PM +0100, Salah Triki wrote:
> On Sun, Aug 01, 2021 at 08:01:06PM +0200, Marcel Holtmann wrote:
> > Hi Salah,
> > 
> > > Use usb_get_dev() to increment the reference count of the usb device
> > > structure in order to avoid releasing the structure while it is still in
> > > use. And use usb_put_dev() to decrement the reference count and thus,
> > > when it will be equal to 0 the structure will be released.
> > > 
> > > Signed-off-by: Salah Triki <salah.triki@gmail.com>
> > > ---
> > > Change since v1:
> > > 	Modification of the description
> > > 
> > > drivers/bluetooth/bcm203x.c | 4 +++-
> > > 1 file changed, 3 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/bluetooth/bcm203x.c b/drivers/bluetooth/bcm203x.c
> > > index e667933c3d70..547d35425d70 100644
> > > --- a/drivers/bluetooth/bcm203x.c
> > > +++ b/drivers/bluetooth/bcm203x.c
> > > @@ -166,7 +166,7 @@ static int bcm203x_probe(struct usb_interface *intf, const struct usb_device_id
> > > 	if (!data)
> > > 		return -ENOMEM;
> > > 
> > > -	data->udev  = udev;
> > > +	data->udev  = usb_get_dev(udev);
> > > 	data->state = BCM203X_LOAD_MINIDRV;
> > > 
> > > 	data->urb = usb_alloc_urb(0, GFP_KERNEL);
> > > @@ -244,6 +244,8 @@ static void bcm203x_disconnect(struct usb_interface *intf)
> > > 
> > > 	usb_set_intfdata(intf, NULL);
> > > 
> > > +	usb_put_dev(data->udev);
> > > +
> > > 	usb_free_urb(data->urb);
> > > 	kfree(data->fw_data);
> > > 	kfree(data->buffer);
> > 
> > I do not understand this. If this is something broken, then it is broken in
> > btusb.c as well and that driver is heavily used by all sorts of devices. So
> > we should have seen bug reports about this.
> > 
> > Regards
> > 
> > Marcel
> > 
> Hi Marcel,
> 
> The patch is based on the following documentation of usb_get_dev():
> 
> [quote]
> Each live reference to a device should be refcounted.
> 
> Drivers for USB interfaces should normally record such references in their
> probe() methods, when they bind to an interface, and release them by calling 
> usb_put_dev(), in their disconnect() methods.
> [/quote]

That documentation is incorrect.  It is not necessary for drivers to 
take a reference to the devices they are bound to.  Properly written 
subsystems will guarantee that the driver is unbound from the device 
before the device is released.

To put it another way, if failure to take such a reference leads to an 
invalid memory access then there is a bug in the subsystem, not in the 
driver.

Rather than changing the bcm203x driver, you should consider getting rid 
of the unnecessary advice in the documentation of usb_get_dev.

Alan Stern

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-08-02 20:16 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-31 15:41 [PATCH v2] bluetooth: bcm203x: update the reference count of udev Salah Triki
2021-08-01 18:01 ` Marcel Holtmann
2021-08-02 19:34   ` Salah Triki
2021-08-02 20:16     ` Alan Stern

This is a public inbox, see mirroring instructions
on how to clone and mirror all data and code used for this inbox