On Wed, Feb 6, 2019 at 12:30 PM Dmitry Torokhov
<dmitry.torok...@gmail.com> wrote:
>
> Yeah. But devm irq gave most trouble because we did not have enough
> devm APIs so we often ended up with mixed devm/non-devm usage and that
> is what was causing most of the issues. If we can switch everything to
> devm then devm irq is not that troublesome.
>
It sounds to me like _incomplete_ devm_ is worse than no devm at all.
Imagine a devm_ resource depends on a non-devm one:
int acme_probe(struct device *dev)
{
...
r = create_something();
d = devm_create_thing(dev, r);
}
Then remove could get us into some serious trouble:
void acme_remove(struct device *dev)
{
/* r _must_ be released here, we have no other place to do it */
destroy_something(r);
/* here, d is still alive because it's devm
* which is cleaned up _after_ remove().
* Now we have a live resource using a released resource.
* use-after-free anyone?
*/
}
This is a more generalized version of the issue I originally
observed, where r => struct work_struct.
I'm sure there must be plenty of these around the codebase.
I wish we had a Coccinelle script to catch these, because it's
one thing to fix them today. More will be added tomorrow.
devm_ is so elegant that people frequently use it without
thinking it through.
I certainly would have, before yesterday :)
