On Wed, Jul 21, 2021 at 4:46 PM Linus Walleij [off-list ref] wrote:

On Wed, Jul 14, 2021 at 12:35 AM Andy Shevchenko
[off-list ref] wrote:

quoted

To me described scenario sounds rather like an object lifetime possible issue.
In any case, shouldn’t VFS guarantee by a reference counting that
gpiochip_remove() wouldn’t be called while file descriptor is in use?
Or am I looking from the wrong end here?

What happens is that the GPIO device disappears (such as unplugging
a USB GPIO expander) while a multithreaded userspace is hammering
exotic ioctl() commands to the same device like crazy.

Under these circumstances (which should be rare, but you know,
developers) it could happen that an ioctl() sneak in before the
gpio_chip pointer is NULL if I read the code right.

So, gpio_chip is NULL but gpiodev is not NULL, correct?
If so, it means that the above mentioned scenario applies to the
latter one and I understand the checks.

-- 
With Best Regards,
Andy Shevchenko