[PATCH v2 1/6] phy: core: Fix that API devm_phy_put() fails to release the phy

Zijun Hu posted 6 patches 1 month ago
There is a newer version of this series
[PATCH v2 1/6] phy: core: Fix that API devm_phy_put() fails to release the phy
Posted by Zijun Hu 1 month ago
From: Zijun Hu <quic_zijuhu@quicinc.com>

For devm_phy_put(), its comment says it needs to invoke phy_put() to
release the phy, but it does not invoke the function actually since
devres_destroy() will not call devm_phy_release() at all which will
call the function, and the missing phy_put() call will cause:

- The phy fails to be released.
- devm_phy_put() can not fully undo what API devm_phy_get() does.
- Leak refcount of both the module and device for below typical usage:

  devm_phy_get(); // or its variant
  ...
  err = do_something();
  if (err)
      goto err_out;
  ...
  err_out:
  devm_phy_put();

  The file(s) affected by this issue are shown below since they have such
  typical usage.
  drivers/pci/controller/cadence/pcie-cadence.c
  drivers/net/ethernet/ti/am65-cpsw-nuss.c

Fixed by using devres_release() instead of devres_destroy() within the API

Fixes: ff764963479a ("drivers: phy: add generic PHY framework")
Cc: stable@vger.kernel.org
Cc: Lorenzo Pieralisi <lpieralisi@kernel.org>
Cc: "Krzysztof Wilczyński" <kw@linux.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
---
 drivers/phy/phy-core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c
index f053b525ccff..f190d7126613 100644
--- a/drivers/phy/phy-core.c
+++ b/drivers/phy/phy-core.c
@@ -737,7 +737,7 @@ void devm_phy_put(struct device *dev, struct phy *phy)
 	if (!phy)
 		return;
 
-	r = devres_destroy(dev, devm_phy_release, devm_phy_match, phy);
+	r = devres_release(dev, devm_phy_release, devm_phy_match, phy);
 	dev_WARN_ONCE(dev, r, "couldn't find PHY resource\n");
 }
 EXPORT_SYMBOL_GPL(devm_phy_put);

-- 
2.34.1

Re: [PATCH v2 1/6] phy: core: Fix that API devm_phy_put() fails to release the phy
Posted by Johan Hovold 3 weeks, 6 days ago
On Thu, Oct 24, 2024 at 10:39:26PM +0800, Zijun Hu wrote:
> From: Zijun Hu <quic_zijuhu@quicinc.com>
> 
> For devm_phy_put(), its comment says it needs to invoke phy_put() to
> release the phy, but it does not invoke the function actually since
> devres_destroy() will not call devm_phy_release() at all which will
> call the function, and the missing phy_put() call will cause:

Please split the above up in at least two sentences to make it easier to
parse. Split it after devm_phy_release() and rephrase the latter part
(e.g. by dropping "at all which will call the function").
 
> - The phy fails to be released.
> - devm_phy_put() can not fully undo what API devm_phy_get() does.
> - Leak refcount of both the module and device for below typical usage:
> 
>   devm_phy_get(); // or its variant
>   ...
>   err = do_something();
>   if (err)
>       goto err_out;
>   ...
>   err_out:
>   devm_phy_put();
> 
>   The file(s) affected by this issue are shown below since they have such
>   typical usage.
>   drivers/pci/controller/cadence/pcie-cadence.c
>   drivers/net/ethernet/ti/am65-cpsw-nuss.c
> 
> Fixed by using devres_release() instead of devres_destroy() within the API
> 
> Fixes: ff764963479a ("drivers: phy: add generic PHY framework")
> Cc: stable@vger.kernel.org
> Cc: Lorenzo Pieralisi <lpieralisi@kernel.org>
> Cc: "Krzysztof Wilczyński" <kw@linux.com>
> Cc: Bjorn Helgaas <bhelgaas@google.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>

Diff itself looks good. Nice find.

Johan
Re: [PATCH v2 1/6] phy: core: Fix that API devm_phy_put() fails to release the phy
Posted by Zijun Hu 3 weeks, 6 days ago
On 2024/10/29 21:40, Johan Hovold wrote:
> On Thu, Oct 24, 2024 at 10:39:26PM +0800, Zijun Hu wrote:
>> From: Zijun Hu <quic_zijuhu@quicinc.com>
>>
>> For devm_phy_put(), its comment says it needs to invoke phy_put() to
>> release the phy, but it does not invoke the function actually since
>> devres_destroy() will not call devm_phy_release() at all which will
>> call the function, and the missing phy_put() call will cause:
> 
> Please split the above up in at least two sentences to make it easier to
> parse. Split it after devm_phy_release() and rephrase the latter part
> (e.g. by dropping "at all which will call the function").
>  

thank you for code review.
will take your suggestions and send v2 (^^).

>> - The phy fails to be released.
>> - devm_phy_put() can not fully undo what API devm_phy_get() does.
>> - Leak refcount of both the module and device for below typical usage:
>>
>>   devm_phy_get(); // or its variant
>>   ...
>>   err = do_something();
>>   if (err)
>>       goto err_out;
>>   ...
>>   err_out:
>>   devm_phy_put();
>>
>>   The file(s) affected by this issue are shown below since they have such
>>   typical usage.
>>   drivers/pci/controller/cadence/pcie-cadence.c
>>   drivers/net/ethernet/ti/am65-cpsw-nuss.c
>>
>> Fixed by using devres_release() instead of devres_destroy() within the API
>>
>> Fixes: ff764963479a ("drivers: phy: add generic PHY framework")
>> Cc: stable@vger.kernel.org
>> Cc: Lorenzo Pieralisi <lpieralisi@kernel.org>
>> Cc: "Krzysztof Wilczyński" <kw@linux.com>
>> Cc: Bjorn Helgaas <bhelgaas@google.com>
>> Cc: "David S. Miller" <davem@davemloft.net>
>> Cc: Eric Dumazet <edumazet@google.com>
>> Cc: Jakub Kicinski <kuba@kernel.org>
>> Cc: Paolo Abeni <pabeni@redhat.com>
>> Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
> 
> Diff itself looks good. Nice find.
> 
> Johan