Re: [PATCH] driver core: fix shutdown races with probe/remove(v1)

From: Alan Stern <stern@rowland.harvard.edu>
Date: 2012-06-08 13:40:32
Also in: lkml

On Fri, 8 Jun 2012, Ming Lei wrote:

quoted hunk ↗ jump to hunk

Firstly, .shutdown callback may touch a uninitialized hardware
if dev->driver is set and .probe is not completed.

Secondly, device_shutdown() may dereference a null pointer to cause
oops when dev->driver is cleared after it is checked in
device_shutdown().

So just hold device lock and its parent lock if it has to fix the
races.

Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Ming Lei <redacted>
---
 drivers/base/core.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/base/core.c b/drivers/base/core.c
index 346be8b..cbc8bd2 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c

@@ -1820,6 +1820,11 @@ void device_shutdown(void)
 		list_del_init(&dev->kobj.entry);
 		spin_unlock(&devices_kset->list_lock);
 
+		/*hold lock[s] to avoid races with .probe/.release*/
+		if (dev->parent)
+			device_lock(dev->parent);
+		device_lock(dev);

Would you prefer to use device_trylock in a loop?  I guess this comes 
down to which you prefer: a hang during shutdown, or a crash.  :-)

Alan Stern

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help