On Wed, Feb 05, 2020 at 12:04:15PM -0800, Dan Williams wrote:
> On Wed, Feb 5, 2020 at 11:28 AM Dan Carpenter <[email protected]> wrote:
> >
> > On Wed, Feb 05, 2020 at 11:16:22AM -0800, Dan Williams wrote:
> > > Ugh, sorry I thought you were pointing out that there's too many
> > > put_device() not the use after free. Yes, the use after free is a bug
> > > that needs fixing.
> >
> > I am complaining about the device_puts... If we call device_put()
> > twice then it causes a problem in __nvdimm_create()
> >
> > drivers/nvdimm/dimm_devs.c
> >    506          nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
> >    507          nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm, NVDIMM_MASTER);
> >    508          nd_device_register(dev);
> >    509
> >    510          return nvdimm;
> >                        ^^^^^^
> > If we call device_put() twice then we this pointer within 4 seconds.
>
> "we this pointer"? We "what" this pointer. 4 seconds is relative to a
> runtime test case?
>

Sorry. I meant we *free* it. The second device_put() leads to a
nvdimm_release(dev) where dev is "&nvdimm->dev" within 0-4 seconds.
Most times it will free it immediately but if you have
CONFIG_DEBUG_KOBJECT_RELEASE enabled then it will wait between 1-4
seconds and then free nvdimm. It's a config option, not a runtime
thing.

regards,
dan carpenter
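
Added example, not part of the original message and not kernel code: a user-space model of the lifetime problem discussed above, showing why the pointer returned by the creator can look valid at return and dangle later when release is delayed. All `model_*` names are hypothetical, and the starting count of two references (one for the creator, one for the registration path) is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model, not kernel code: "released" stands for
 * nvdimm_release() having freed the object that contains the device. */
struct model_dev {
    int refs;
    bool release_pending;  /* count hit zero, release deferred */
    bool released;         /* release ran; held pointers now dangle */
};

/* Models CONFIG_DEBUG_KOBJECT_RELEASE (build-time in the kernel). */
static bool delayed_release;

static void model_put(struct model_dev *d)
{
    if (d->refs <= 0 || --d->refs > 0)
        return;
    if (delayed_release)
        d->release_pending = true;  /* freed 1-4 seconds later */
    else
        d->released = true;         /* freed immediately */
}

/* Assumption: creator and registration path hold one reference each, and
 * put is then called `puts` times. Returns whether the caller's pointer is
 * live after any delayed release; *live_at_return is its state at return. */
static bool model_create(int puts, bool *live_at_return)
{
    struct model_dev d = { .refs = 2 };

    while (puts-- > 0)
        model_put(&d);
    *live_at_return = !d.released;
    if (d.release_pending)          /* the delayed work item fires */
        d.released = true;
    return !d.released;
}

int main(void)
{
    for (int cfg = 0; cfg <= 1; cfg++)
        for (int puts = 1; puts <= 2; puts++) {
            bool at_return;
            delayed_release = cfg;
            bool later = model_create(puts, &at_return);
            printf("debug_release=%d puts=%d live: at_return=%d later=%d\n",
                   cfg, puts, at_return, later);
        }
    return 0;
}
```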
