Re: device_remove_file and disconnect

From: Dmitry Torokhov
Date: Thu Jun 30 2005 - 16:11:40 EST


On 6/30/05, Greg KH <greg@xxxxxxxxx> wrote:
> On Thu, Jun 30, 2005 at 09:26:43AM +0200, mat@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
>
> > > Again, any specific place in the kernel that you see not doing this?
> > I believe some drivers expected that sysfs read/write callback are always
> > called when the device is plugged so they don't check if
> > to_usb_interface/usb_get_intfdata return valid pointer.
>
> Then they should be fixed. Any specific examples?
>

A lot of USB drivers implement sysfs attributes and then do something like this:

static ssize_t show_tabletProductId(struct device *dev, char *buf)
{
	struct aiptek *aiptek = dev_get_drvdata(dev);

	/* This check on its own is not enough: nothing stops disconnect()
	 * from freeing aiptek right after it has passed. */
	if (aiptek == NULL)
		return 0;

	return snprintf(buf, PAGE_SIZE, "0x%04x\n",
			aiptek->inputdev->id.product);
}

The aiptek structure is freed in aiptek_disconnect. It is possible that
CPU1 has just passed that aiptek==NULL check and the task gets
rescheduled. A second CPU will then run disconnect and kfree(aiptek).

You really need a semaphore in the USB driver core to make sure that the
device is not taken from you and that the driver that is bound to the
device is still the same.

--
Dmitry
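A user-space model of the race described above and of the lock the message asks for, added here as an example (it is not code from the thread or from the aiptek driver). It assumes pthreads and a hypothetical `struct device` that carries the serializing lock itself; in the kernel that lock would have to live in the USB driver core, as the message says. Only the names `show_tabletProductId`, `aiptek_disconnect` and `aiptek` come from the thread; everything else is constructed.

```c
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#define PAGE_SIZE 4096
struct aiptek { unsigned int product; };                        /* hypothetical driver data */
struct device { pthread_mutex_t lock; struct aiptek *drvdata; }; /* stand-in for the kernel's */

/* Hold the lock from the NULL check through the last dereference, so that
 * disconnect() cannot free the data in between (the window described above). */
static ssize_t show_tabletProductId(struct device *dev, char *buf)
{
    ssize_t ret;
    pthread_mutex_lock(&dev->lock);
    ret = dev->drvdata ? snprintf(buf, PAGE_SIZE, "0x%04x\n", dev->drvdata->product)
                       : -ENODEV;  /* driver already unbound */
    pthread_mutex_unlock(&dev->lock);
    return ret;
}

/* Same lock here: wait for any in-flight show(), unbind, and only then free. */
static void aiptek_disconnect(struct device *dev)
{
    pthread_mutex_lock(&dev->lock);
    struct aiptek *aiptek = dev->drvdata;
    dev->drvdata = NULL;
    pthread_mutex_unlock(&dev->lock);
    free(aiptek);
}

static void *reader_thread(void *dev)  /* show() running on a second CPU */
{
    char buf[PAGE_SIZE];
    return (void *)(intptr_t)show_tabletProductId(dev, buf);
}

/* Race show() against disconnect() and return what show() saw: with the lock it
 * is always either the full line (7 bytes) or -ENODEV, never freed memory. */
static ssize_t race_once(unsigned int product)
{
    struct device dev = { PTHREAD_MUTEX_INITIALIZER, malloc(sizeof(struct aiptek)) };
    pthread_t t; void *res;
    dev.drvdata->product = product;
    pthread_create(&t, NULL, reader_thread, &dev);
    aiptek_disconnect(&dev);
    pthread_join(t, &res);
    return (ssize_t)(intptr_t)res;
}
```

Without the lock, `race_once` would be the two-CPU interleaving from the message: the NULL check passes on one thread while the other frees the structure.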