From mboxrd@z Thu Jan 1 00:00:00 1970 From: linux@arm.linux.org.uk (Russell King - ARM Linux) Date: Wed, 26 Sep 2012 21:23:21 +0100 Subject: [BUG] Deferred probing in driver model is racy, resulting in lost probes In-Reply-To: <20120926200833.GA14340@kroah.com> References: <20120818145856.GP18957@n2100.arm.linux.org.uk> <20120916082510.GN12245@n2100.arm.linux.org.uk> <20120926200833.GA14340@kroah.com> Message-ID: <20120926202321.GD30938@n2100.arm.linux.org.uk> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org On Wed, Sep 26, 2012 at 01:08:33PM -0700, Greg Kroah-Hartman wrote: > On Sun, Sep 16, 2012 at 09:24:43PM +0800, Ming Lei wrote: > > diff --git a/drivers/base/bus.c b/drivers/base/bus.c > > index 181ed26..17d7437 100644 > > --- a/drivers/base/bus.c > > +++ b/drivers/base/bus.c > > @@ -714,12 +714,12 @@ int bus_add_driver(struct device_driver *drv) > > if (error) > > goto out_unregister; > > > > + klist_add_tail(&priv->knode_bus, &bus->p->klist_drivers); > > if (drv->bus->p->drivers_autoprobe) { > > error = driver_attach(drv); > > if (error) > > goto out_unregister; > > } > > - klist_add_tail(&priv->knode_bus, &bus->p->klist_drivers); > > module_add_driver(drv->owner, drv); > > > > error = driver_create_file(drv, &driver_attr_uevent); > > > > > > > > Did the above patch ever prove to solve the issue or not? To be honest, I've not bothered to test the above patch, and now when I look at it, I notice it's broken - in that on error it will corrupt the driver list. Take a look at the error path. priv is drv->p. We add priv->knode_bus to the driver list. If driver_attach() returns an error, then we go to out_unregister, which does: out_unregister: kobject_put(&priv->kobj); kfree(drv->p); drv->p = NULL; thereby freeing the node we just added to the driver list without first removing it. I suspect it will fix the problem, but let's get the patch to be correct before it gets tested...