Re: [PATCH] Driver core: fix race in __device_release_driver
From: David Woodhouse
Date: Fri Nov 16 2007 - 12:04:56 EST
On Fri, 2007-11-16 at 11:57 -0500, Alan Stern wrote:
> This patch (as1013) was suggested by David Woodhouse; it fixes a race
> in the driver core. If a device is unregistered at the same time as
> its driver is unloaded, the driver's code pages may be unmapped while
> the remove method is still running. The calls to get_driver() and
> put_driver() were intended to prevent this, but they don't work if the
> driver's module count has already dropped to 0.
>
> Instead, the patch keeps the device on the driver's list until after
> the remove method has returned. This forces the necessary
> synchronization to occur.
>
> Signed-off-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> CC: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Since we're submitting it rather than just using it to explain the
problem, I suppose I should add:
Signed-off-by: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
> ---
>
> This should be considered for 2.6.24.
>
>
> Index: usb-2.6/drivers/base/dd.c
> ===================================================================
> --- usb-2.6.orig/drivers/base/dd.c
> +++ usb-2.6/drivers/base/dd.c
> @@ -289,11 +289,10 @@ static void __device_release_driver(stru
> {
> struct device_driver * drv;
>
> - drv = get_driver(dev->driver);
> + drv = dev->driver;
> if (drv) {
> driver_sysfs_remove(dev);
> sysfs_remove_link(&dev->kobj, "driver");
> - klist_remove(&dev->knode_driver);
>
> if (dev->bus)
> blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
> @@ -306,7 +305,7 @@ static void __device_release_driver(stru
> drv->remove(dev);
> devres_release_all(dev);
> dev->driver = NULL;
> - put_driver(drv);
> + klist_remove(&dev->knode_driver);
> }
> }
>
>
--
dwmw2
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/