Hello. On 08-06-2012 9:38, Ming Lei wrote:
Firstly, .shutdown callback may touch a uninitialized hardware if dev->driver is set and .probe is not completed.
Secondly, device_shutdown() may dereference a null pointer to cause oops when dev->driver is cleared after it is checked in device_shutdown().
So just hold device lock and its parent lock if it has to fix the races.
Cc: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxxxxx> --- drivers/base/core.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/drivers/base/core.c b/drivers/base/core.c index 346be8b..cbc8bd2 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1820,6 +1820,11 @@ void device_shutdown(void) list_del_init(&dev->kobj.entry); spin_unlock(&devices_kset->list_lock); + /*hold lock[s] to avoid races with .probe/.release*/
Please add spaces after /* and before */. Or the applier please do it... WBR, Sergei -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
