From: Alan Stern Date: Fri, 16 Nov 2007 16:57:28 +0000 (-0500) Subject: Driver core: fix race in __device_release_driver X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ef2c51746dc89c2326ce522f8fb8a57695780e75;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git Driver core: fix race in __device_release_driver This patch (as1013) was suggested by David Woodhouse; it fixes a race in the driver core. If a device is unregistered at the same time as its driver is unloaded, the driver's code pages may be unmapped while the remove method is still running. The calls to get_driver() and put_driver() were intended to prevent this, but they don't work if the driver's module count has already dropped to 0. Instead, the patch keeps the device on the driver's list until after the remove method has returned. This forces the necessary synchronization to occur. Signed-off-by: Alan Stern Signed-off-by: David Woodhouse Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/base/dd.c b/drivers/base/dd.c index 54922647522d..b0726eb6405e 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -289,11 +289,10 @@ static void __device_release_driver(struct device * dev) { struct device_driver * drv; - drv = get_driver(dev->driver); + drv = dev->driver; if (drv) { driver_sysfs_remove(dev); sysfs_remove_link(&dev->kobj, "driver"); - klist_remove(&dev->knode_driver); if (dev->bus) blocking_notifier_call_chain(&dev->bus->p->bus_notifier, @@ -306,7 +305,7 @@ static void __device_release_driver(struct device * dev) drv->remove(dev); devres_release_all(dev); dev->driver = NULL; - put_driver(drv); + klist_remove(&dev->knode_driver); } }