Re: [PATCH v2 04/10] PCI: Destroy pci dev only once

From: Yinghai Lu
Date: Tue Nov 26 2013 - 21:27:01 EST

Next message: Chen Gang: "[PATCH] drivers: scsi: scsi_lib.c: add prefix "SCSILIB_" to macro"SP""
Previous message: Masami Hiramatsu: "Re: modules, add_kallsyms() && DEFINE_PER_CPU"
In reply to: Rafael J. Wysocki: "Re: [PATCH v2 04/10] PCI: Destroy pci dev only once"
Next in thread: Rafael J. Wysocki: "Re: [PATCH v2 04/10] PCI: Destroy pci dev only once"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 26, 2013 at 5:24 PM, Rafael J. Wysocki <rjw@xxxxxxxxxxxxx> wrote:
>
> So assume pci_destroy_dev() is called twice in parallel for the same dev
> by two different threads. Thread 1 does the atomic_inc_and_test() and
> finds that it is OK to do the device_del() and put_device() which causes
> the device object to be freed. Then thread 2 does the atomic_inc_and_test()
> on the already freed device object and crashes the kernel.
>
thread2 should still hold one extra reference.
that is in
device_schedule_callback
==> sysfs_schedule_callback
==> kobject_get(kobj)

pci_destroy_dev for thread2 is called at this point.

and that reference will be released from
sysfs_schedule_callback
==> kobject_put()...

Thanks

Yinghai
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chen Gang: "[PATCH] drivers: scsi: scsi_lib.c: add prefix "SCSILIB_" to macro"SP""
Previous message: Masami Hiramatsu: "Re: modules, add_kallsyms() && DEFINE_PER_CPU"
In reply to: Rafael J. Wysocki: "Re: [PATCH v2 04/10] PCI: Destroy pci dev only once"
Next in thread: Rafael J. Wysocki: "Re: [PATCH v2 04/10] PCI: Destroy pci dev only once"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]