[TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Bartosz Golaszewski]

Hi!

I submitted this proposal on time using the website but forgot about
sending it here too. Hope that's alright. The abstract follows.

Bartosz Golaszewski

--

Recently there have been several talks about issues with object
ownership in device drivers, use-after-free bugs and problems with
handling hot unplug events in certain subsystems.

First Laurent Pinchart revisited an older discussion about the harmful
side-effects of devres helpers during LPC 2022[1]. I then went down
that rabbit hole only to discover a whole suite of issues, not really
linked to devres in any way but rather mostly caused by the way
subsystems and drivers mix reference counted resources with regular
ones[2]. This year Wolfram Sang continued the research and presented
even more vulnerable subsystems as well as some potential remedies
during his talk at the EOSS 2023 in Prague[3].

I have since experimented with several approaches and would like to
present some updates on this subject. During this talk I plan to jump
straight into presenting concrete ideas and timelines for improving
the driver model and introducing some unification in the way
subsystems handle driver data. While this is a significant effort
spanning multiple device subsystems that will need to be carried out
in many phases over what will most likely be years, without addressing
the problems, we'll be left with many parts of the kernel not being
able to correctly handle simple driver unbinds.

[1] https://lpc.events/event/16/contributions/1227/
[2] https://fosdem.org/2023/schedule/event/devm_kzalloc/
[3] https://eoss2023.sched.com/event/1LcPP/subsystems-with-object-lifetime-issues-in-the-embedded-case-wolfram-sang-sang-engineering-renesas

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Linus Walleij]

On Wed, Aug 9, 2023 at 8:05 PM Bartosz Golaszewski
<bartosz.golaszewski@linaro.org> wrote:

> Recently there have been several talks about issues with object
> ownership in device drivers, use-after-free bugs and problems with
> handling hot unplug events in certain subsystems.

1. Good topic.

2. Is this also where we discuss the use of <linux/cleanup.h>
    commit 54da6a0924311c7cf5015533991e44fb8eb12773
    ? Because I would certainly like to learn more about that
    thing with an example or two.

Yours,
Linus Walleij

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[SeongJae Park]

On Thu, 10 Aug 2023 00:03:20 +0200 Linus Walleij <linus.walleij@linaro.org> wrote:

> On Wed, Aug 9, 2023 at 8:05 PM Bartosz Golaszewski
> <bartosz.golaszewski@linaro.org> wrote:
> 
> > Recently there have been several talks about issues with object
> > ownership in device drivers, use-after-free bugs and problems with
> > handling hot unplug events in certain subsystems.
> 
> 1. Good topic.
> 
> 2. Is this also where we discuss the use of <linux/cleanup.h>
>     commit 54da6a0924311c7cf5015533991e44fb8eb12773
>     ? Because I would certainly like to learn more about that
>     thing with an example or two.

Plus one.


Thanks,
SJ

> 
> Yours,
> Linus Walleij
> 

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Bartosz Golaszewski]

On Thu, 10 Aug 2023 at 00:03, Linus Walleij <linus.walleij@linaro.org> wrote:
>
> On Wed, Aug 9, 2023 at 8:05 PM Bartosz Golaszewski
> <bartosz.golaszewski@linaro.org> wrote:
>
> > Recently there have been several talks about issues with object
> > ownership in device drivers, use-after-free bugs and problems with
> > handling hot unplug events in certain subsystems.
>
> 1. Good topic.
>
> 2. Is this also where we discuss the use of <linux/cleanup.h>
>     commit 54da6a0924311c7cf5015533991e44fb8eb12773
>     ? Because I would certainly like to learn more about that
>     thing with an example or two.
>

Not really, the problem with subsystems is more about referencing
resources that can go from under you without you knowing, but there is
an interesting coding pattern in C with autopointers and reference
counting that I definitely will talk about.

Bartosz

> Yours,
> Linus Walleij

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Greg KH]

On Wed, Aug 09, 2023 at 08:04:39PM +0200, Bartosz Golaszewski wrote:
> Hi!
> 
> I submitted this proposal on time using the website but forgot about
> sending it here too. Hope that's alright. The abstract follows.
> 
> Bartosz Golaszewski
> 
> --
> 
> Recently there have been several talks about issues with object
> ownership in device drivers, use-after-free bugs and problems with
> handling hot unplug events in certain subsystems.
> 
> First Laurent Pinchart revisited an older discussion about the harmful
> side-effects of devres helpers during LPC 2022[1]. I then went down
> that rabbit hole only to discover a whole suite of issues, not really
> linked to devres in any way but rather mostly caused by the way
> subsystems and drivers mix reference counted resources with regular
> ones[2]. This year Wolfram Sang continued the research and presented
> even more vulnerable subsystems as well as some potential remedies
> during his talk at the EOSS 2023 in Prague[3].
> 
> I have since experimented with several approaches and would like to
> present some updates on this subject. During this talk I plan to jump
> straight into presenting concrete ideas and timelines for improving
> the driver model and introducing some unification in the way
> subsystems handle driver data. While this is a significant effort
> spanning multiple device subsystems that will need to be carried out
> in many phases over what will most likely be years, without addressing
> the problems, we'll be left with many parts of the kernel not being
> able to correctly handle simple driver unbinds.

I'm all for this, we need some major work in this area.

thanks,

greg k-h

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Julia Lawall]

On Wed, 9 Aug 2023, Bartosz Golaszewski wrote:

> Hi!
>
> I submitted this proposal on time using the website but forgot about
> sending it here too. Hope that's alright. The abstract follows.
>
> Bartosz Golaszewski
>
> --
>
> Recently there have been several talks about issues with object
> ownership in device drivers, use-after-free bugs and problems with
> handling hot unplug events in certain subsystems.
>
> First Laurent Pinchart revisited an older discussion about the harmful
> side-effects of devres helpers during LPC 2022[1]. I then went down
> that rabbit hole only to discover a whole suite of issues, not really
> linked to devres in any way but rather mostly caused by the way
> subsystems and drivers mix reference counted resources with regular
> ones[2]. This year Wolfram Sang continued the research and presented
> even more vulnerable subsystems as well as some potential remedies
> during his talk at the EOSS 2023 in Prague[3].
>
> I have since experimented with several approaches and would like to
> present some updates on this subject. During this talk I plan to jump
> straight into presenting concrete ideas and timelines for improving
> the driver model and introducing some unification in the way
> subsystems handle driver data. While this is a significant effort
> spanning multiple device subsystems that will need to be carried out
> in many phases over what will most likely be years, without addressing
> the problems, we'll be left with many parts of the kernel not being
> able to correctly handle simple driver unbinds.
>
> [1] https://lpc.events/event/16/contributions/1227/
> [2] https://fosdem.org/2023/schedule/event/devm_kzalloc/
> [3] https://eoss2023.sched.com/event/1LcPP/subsystems-with-object-lifetime-issues-in-the-embedded-case-wolfram-sang-sang-engineering-renesas

I will be very interested in seeing this talk.

julia

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Laurent Pinchart]

On Thu, Aug 10, 2023 at 05:47:02PM +0200, Greg KH wrote:
> On Wed, Aug 09, 2023 at 08:04:39PM +0200, Bartosz Golaszewski wrote:
> > Hi!
> > 
> > I submitted this proposal on time using the website but forgot about
> > sending it here too. Hope that's alright. The abstract follows.
> > 
> > Bartosz Golaszewski
> > 
> > --
> > 
> > Recently there have been several talks about issues with object
> > ownership in device drivers, use-after-free bugs and problems with
> > handling hot unplug events in certain subsystems.
> > 
> > First Laurent Pinchart revisited an older discussion about the harmful
> > side-effects of devres helpers during LPC 2022[1]. I then went down
> > that rabbit hole only to discover a whole suite of issues, not really
> > linked to devres in any way but rather mostly caused by the way
> > subsystems and drivers mix reference counted resources with regular
> > ones[2]. This year Wolfram Sang continued the research and presented
> > even more vulnerable subsystems as well as some potential remedies
> > during his talk at the EOSS 2023 in Prague[3].
> > 
> > I have since experimented with several approaches and would like to
> > present some updates on this subject. During this talk I plan to jump
> > straight into presenting concrete ideas and timelines for improving
> > the driver model and introducing some unification in the way
> > subsystems handle driver data. While this is a significant effort
> > spanning multiple device subsystems that will need to be carried out
> > in many phases over what will most likely be years, without addressing
> > the problems, we'll be left with many parts of the kernel not being
> > able to correctly handle simple driver unbinds.
> 
> I'm all for this, we need some major work in this area.

Likewise. I will however not be physically present at the kernel summit
this year, but plan to participate remotely.

-- 
Regards,

Laurent Pinchart

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Wolfram Sang]

[-- Attachment #1: Type: text/plain, Size: 364 bytes --]


> > I'm all for this, we need some major work in this area.

Obviuosly, +1 from me as well.

> Likewise. I will however not be physically present at the kernel summit
> this year, but plan to participate remotely.

This is possible? Would be great, I'd also like to attend this session
to share some more experiences which were out of scope for my talk at
EOSS.


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [TECH TOPIC] Improving resource ownership and life-time in linux device drivers

[Herrenschmidt, Benjamin]

On Thu, 2023-08-10 at 17:47 +0200, Greg KH wrote:
> > 
.../...

> > I have since experimented with several approaches and would like to
> > present some updates on this subject. During this talk I plan to jump
> > straight into presenting concrete ideas and timelines for improving
> > the driver model and introducing some unification in the way
> > subsystems handle driver data. While this is a significant effort
> > spanning multiple device subsystems that will need to be carried out
> > in many phases over what will most likely be years, without addressing
> > the problems, we'll be left with many parts of the kernel not being
> > able to correctly handle simple driver unbinds.
> 
> I'm all for this, we need some major work in this area.

I've lost track a bit of which summit is which as I'm operating further
away from the kernel than I'd like to these days, but this is
definitely something I would like to see presented to as wide an
audience as possible :)

Cheers,
Ben.