[PATCH 0/8] counter: Remove struct counter_device::priv
Lars-Peter Clausen
lars at metafoo.de
Tue Dec 21 03:12:12 PST 2021
On 12/21/21 11:45 AM, Uwe Kleine-König wrote:
> Hello,
>
> similar to patch
> https://lore.kernel.org/r/4bde7cbd9e43a5909208102094444219d3154466.1640072891.git.vilhelm.gray@gmail.com
> the usage of struct counter_device::priv can be replaced by
> container_of which improves type safety and code size.
>
> This series depends on above patch, converts the remaining drivers and
> finally drops struct counter_device::priv.
Not sure if this is such a good idea. struct counter_device should not
be embedded in the drivers state struct in the first place.
struct counter_device contains a struct device, which is a reference
counted object. But by embedding it in the driver state struct the life
time of both the struct counter_device and and struct device are bound
to the life time of the driver state struct.
Which means the struct device memory can get freed before the last
reference is dropped, which leads to a use-after-free and undefined
behavior.
The framework should be changed to rather then embedding the struct
counter_device in the state struct to just have a pointer to it. With
the struct counter_device having its own allocation that will be freed
when the last reference to the struct device is dropped.
- Lars
More information about the linux-arm-kernel
mailing list