From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752920AbbC3LzE (ORCPT ); Mon, 30 Mar 2015 07:55:04 -0400 Received: from mailout3.samsung.com ([203.254.224.33]:63295 "EHLO mailout3.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751923AbbC3Ly5 (ORCPT ); Mon, 30 Mar 2015 07:54:57 -0400 X-AuditID: cbfee690-f79ab6d0000046f7-7b-5519398f57de Date: Mon, 30 Mar 2015 11:54:55 +0000 (GMT) From: EunTaik Lee Subject: Re: Re: [PATCH] fix race condition between device_del and device_add To: "gregkh@linuxfoundation.org" Cc: "linux-kernel@vger.kernel.org" Reply-to: eun.taik.lee@samsung.com MIME-version: 1.0 X-MTR: 20150330113409698@eun.taik.lee Msgkey: 20150330113409698@eun.taik.lee X-EPLocale: ko_KR.utf-8 X-Priority: 3 X-EPWebmail-Msg-Type: personal X-EPWebmail-Reply-Demand: 0 X-EPApproval-Locale: X-EPHeader: ML X-MLAttribute: X-RootMTR: 20150330113409698@eun.taik.lee X-ParentMTR: X-ArchiveUser: EV X-CPGSPASS: N X-ConfirmMail: N,general Content-type: text/plain; charset=utf-8 MIME-version: 1.0 Message-id: <99368734.97531427716494863.JavaMail.weblogic@epmlwas08c> X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBJsWRmVeSWpSXmKPExsVy+t8zTd1+S8lQg3lzZS0u75rD5sDo8XmT XABjVAOjTWJRckZmWapCal5yfkpmXrqtUmiIm66FkkJGfnGJrVK0kYGxnpGpiZ6RibmepUGs lZGpkkJeYm6qrVKFLlSvkkJRcgFQbW5lMdCAnFQ9qLhecWpeikNWfinIJXrFibnFpXnpesn5 uUoKZYk5pUAjlPQTpjJmnFv+jK1gh0LF6d1zmBoYT8h3MXJyCAmoS5zYvYYFxJYQMJHYO3Uh G4QtJnHh3nogmwuoZhmjxOVz25i6GDnAivbvr4KIz2GU2NS6lBmkgUVAVeLAhZVgNpuArsT/ j13sILawgK/EpO3NYLaIgK3ExGXdYDXMAo4Sjy7fYYY4Qkli/uEGsCN4BQQlTs58AnWQqsTS nldMEHE1iVPte6COE5e4MPcSO4TNKzGj/SlUvZzEtK9rmCFsaYnzszYwwjyz+PtjqDi/xLHb O5ggbAGJqWcOQtVoSfx7exSqhk9izcK3UDMFJU5f62aG2XV/y1yoXgmJrS1PWCF+UZSY0v2Q HRQ+zAKaEut36aN7hVfAVWLurANQ58/kkNh0QnYCo9IsJGWzkEyahTAJWckCRpZVjKKpBckF xUnpRSbIcb2JEZIEJ+xgvHfA+hCjAAejEg+vQ71EqBBrYllxZe4hxmRgJE1klhJNzgem2ryS eENjMyMLUxNTYyNzSzMMYRNTCwsTIxzCSuK8r6V+BgsJpCeWpGanphakFsUXleakFh9iZOLg lGpgNLvms+JL8G9RiSJdLa9TM+XnpEtnbpa5Ehfak/ty0r39vo/+vOb/cq3B5F3LC95vq5Se K71ikX2ub3TZo3nlAof3H1/u32ijrXb9nrdU9uvL0tYXnY9UL9+ZF+E887lMSaje13dBTne+ lXlHvwxftWx6krzZ7dK21ul1zsbzHjDqX+yw12zgUWIpzkg01GIuKk4EAKDne+arAwAA X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrGKsWRmVeSWpSXmKPExsVy+t/tft1+S8lQg9ZTkhaXd81hc2D0+LxJ LoAxKsMmIzUxJbVIITUvOT8lMy/dVsk7ON453tTMwFDX0NLCXEkhLzE31VbJxSdA1y0zB2io kkJZYk4pUCggsbhYSd/Opii/tCRVISO/uMRWKdrIwFjPyNREz8jYQM/EINbK0MDAyBSoKiEj 49zyZ2wFOxQqTu+ew9TAeEK+i5GTQ0hAXeLE7jUsXYwcHBICJhL791eBhCUExCQu3FvP1sXI BVQyh1FiU+tSZpAEi4CqxIELK8FsNgFdif8fu9hBbGEBX4lJ25vBbBEBW4mJy7rBapgFHCUe Xb7DDLFLSWL+4QYWEJtXQFDi5MwnLBDLVCWW9rxigoirSZxq38MGEReXuDD3EjuEzSsxo/0p VL2cxLSva5ghbGmJ87M2MMIcvfj7Y6g4v8Sx2zuYIGwBialnDkLVaEn8e3sUqoZPYs3Ct1Az BSVOX+tmhtl1f8tcqF4Jia0tT1ghflGUmNL9kB0UVswCmhLrd+mje4VXwFVi7qwDbBMYZWch Sc1C0j0LoRtZyQJGllWMoqkFyQXFSekVJnrFibnFpXnpesn5uZsYwWno2ZIdjA0XrA8xCnAw KvHwOtRLhAqxJpYVV+YeYpTgYFYS4X1lLBkqxJuSWFmVWpQfX1Sak1p8iNEUGGcTmaVEk/OB KTKvJN7Q2MDY0NDS3MDU0MhCSZz3/7ncECGB9MSS1OzU1ILUIpg+Jg5OqQZGZsYQ8zdZyWnh 3Msvcq/SuXH9iCzvg/WMKYUlv9+b1ezzfF31Ruvpvi+rSq0Egy6uvH3v+3cfo/5tSpsmnr+l zf/z2uo1kwVSWhLaLxqfuDupWsT2rPnaq7mhvpzK85vXv7HkaPWer/1pm8+Kt2yt296tS1J6 +eT452WZUdVRu+Njj9+Qtd7Rp8RSnJFoqMVcVJwIAKSVX4pZAwAA DLP-Filter: Pass X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by nfs id t2UBtFgx018077 > >The bus that the device is on should prevent this, why isn't that >working for you? What type of device/bus do you see this problem on? The device is a firmware class device on a virtual bus. >> Signed-off-by: eun.taik.lee > >We need a "real" name here, I don't think your name has '.' in it, >right? Right. It should've been Eun Taik Lee. >Your email client turned all tabs to spaces and made the patch unable to >be applied. I think I pasted the patch on HTML mode and then switched to text mode. Below patch should be okay. From: "Eun Taik Lee" There is a possible race condition when a device is added while another device with the same parent , with ref count of one, is deleted. CPU0 CPU1 device_add() device_del() get_device_parent() put_device(parent); kobj = kobject_get(k) kobject_put() kref_put() refcount=0 refcount is 0 WARNS it was 0 but return kobj frees kobj uses the freed parent kobj The race condition exists because kref_put() and the release function is not atomic. Using kobject_get_unless_zero() instead of kobject_get() in get_device_parent() will prevent this race condition. Signed-off-by: Eun Taik Lee --- drivers/base/core.c | 2 +- include/linux/kobject.h | 2 ++ lib/kobject.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 07304a3..ec2f211 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -761,7 +761,7 @@ static struct kobject *get_device_parent(struct device *dev, spin_lock(&dev->class->p->glue_dirs.list_lock); list_for_each_entry(k, &dev->class->p->glue_dirs.list, entry) if (k->parent == parent_kobj) { - kobj = kobject_get(k); + kobj = kobject_get_unless_zero(k); break; } spin_unlock(&dev->class->p->glue_dirs.list_lock); diff --git a/include/linux/kobject.h b/include/linux/kobject.h index 2d61b90..3032744 100644 --- a/include/linux/kobject.h +++ b/include/linux/kobject.h @@ -107,6 +107,8 @@ extern int __must_check kobject_rename(struct kobject *, const char *new_name); extern int __must_check kobject_move(struct kobject *, struct kobject *); extern struct kobject *kobject_get(struct kobject *kobj); +extern struct kobject * __must_check kobject_get_unless_zero( + struct kobject *kobj); extern void kobject_put(struct kobject *kobj); extern const void *kobject_namespace(struct kobject *kobj); diff --git a/lib/kobject.c b/lib/kobject.c index 03d4ab3..ff0ce681 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -581,7 +581,7 @@ struct kobject *kobject_get(struct kobject *kobj) return kobj; } -static struct kobject * __must_check kobject_get_unless_zero(struct kobject *kobj) +struct kobject * __must_check kobject_get_unless_zero(struct kobject *kobj) { if (!kref_get_unless_zero(&kobj->kref)) kobj = NULL; -- 1.7.9.5 thanks Eun Taik Lee{.n++%ݶw{.n+{G{ayʇڙ,jfhz_(階ݢj"mG?&~iOzv^m ?I