Race condition between driver_probe_device and device_shutdownâ
From: Wedson Almeida Filho
Date: Wed May 09 2012 - 22:53:17 EST
Hi,
I'm seeing a driver crash in its shutdown routine because it's
touching some uninitialized state. It turns out that the driver's
probe routine was still running [for the same device]. There also
appears to be an issue in the remove path, where device_shutdown()
checks the dev->driver pointer and uses it later, with seemingly
nothing to guarantee that it doesn't change.
Shouldn't we synchronize the shutdown routine with probe/remove to
prevent such races?
The patch below should take care of these races.
Thoughts?
diff --git a/drivers/base/core.c b/drivers/base/core.c
index e28ce98..f2c63c6 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -1823,6 +1823,9 @@ void device_shutdown(void)
pm_runtime_get_noresume(dev);
pm_runtime_barrier(dev);
+ if (dev->parent) /* Needed for USB */
+ device_lock(dev->parent);
+ device_lock(dev);
if (dev->bus && dev->bus->shutdown) {
dev_dbg(dev, "shutdown\n");
dev->bus->shutdown(dev);
@@ -1830,6 +1833,9 @@ void device_shutdown(void)
dev_dbg(dev, "shutdown\n");
dev->driver->shutdown(dev);
}
+ device_unlock(dev);
+ if (dev->parent)
+ device_unlock(dev->parent);
put_device(dev);
spin_lock(&devices_kset->list_lock);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/