Re: [PATCH] PCI: Move device_del() from pci_stop_dev() to pci_destroy_dev()

[Rafael J. Wysocki]

On Monday, November 25, 2013 11:45:50 AM Yinghai Lu wrote:
> On Mon, Nov 25, 2013 at 3:22 AM, Rafael J. Wysocki <rjw@xxxxxxxxxxxxx> wrote:
> >
> > Well, is_removed is only used by pci_destroy_dev() in your patch, right?
> >
> > That means its only role is to protect the device from being destroyed
> > twice (or more times) in a row, but that surely would be a bug?  I don't
> > see how that can legitimately happen at least, so what exactly is the
> > scenario?
> 
> The thread:
> https://patchwork.kernel.org/patch/3119001/

Thanks for the pointer.

Well, so we have a bug in there and it is a *race* so adding a device flag
is not going to really help.  Besides, if the put_device() really frees the
struct pci_dev, accessing the flag itself would be a use-after-free,
wouldn't it?

What seems to be necessary is a lock preventing the
/sys/bus/pci/devices/.../remove interface from being used on multiple devices
in parallel.  Of course, it also has to protect against removals from hotplug
events racing with removals from /sys/bus/pci/devices/.../remove.

In any case, it is beyond the scope of the $subject patch, though.

Thanks,
Rafael

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/