Re: [PATCH V2] drivers: core: Remove glue dirs early only when refcount is 1

From: Greg KH
Date: Wed May 01 2019 - 02:53:31 EST


On Wed, May 01, 2019 at 09:52:47AM +0530, Prateek Sood wrote:
> While loading firmware blobs in parallel in different threads, it is possible
> to free the sysfs node of glue_dirs in device_del() from one thread while another
> thread is trying to add a subdir from device_add() in the glue_dirs sysfs node.
>
> CPU1                                      CPU2
> fw_load_sysfs_fallback()
> device_add()
> get_device_parent()
> class_dir_create_and_add()
> kobject_add_internal()
> create_dir() // glue_dir
>
>                                           fw_load_sysfs_fallback()
>                                           device_add()
>                                           get_device_parent()
>                                           kobject_get() //glue_dir
>
> device_del()
> cleanup_glue_dir()
> kobject_del()
>
>                                           kobject_add()
>                                           kobject_add_internal()
>                                           create_dir() // in glue_dir
>                                           kernfs_create_dir_ns()
>
> sysfs_remove_dir() //glue_dir->sd=NULL
> sysfs_put() // free glue_dir->sd
>
>                                           kernfs_new_node()
>                                           kernfs_get(glue_dir)
>
> Fix this race by making sure that kernfs_node for glue_dir is released only
> when refcount for glue_dir kobj is 1.
>
> Signed-off-by: Prateek Sood <prsood@xxxxxxxxxxxxxx>
> ---
> drivers/base/core.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)

What changed from v1? That always has to go below the --- line.

v3 please.