2021-04-13 06:22:54

by Saravana Kannan

Subject: [PATCH] driver core: Fix locking bug in deferred_probe_timeout_work_func()

commit eed6e41813deb9ee622cd9242341f21430d7789f upstream.

list_for_each_entry_safe() is only useful if we are deleting nodes in a
linked list within the loop. It doesn't protect against other threads
adding/deleting nodes to the list in parallel. We need to grab
deferred_probe_mutex when traversing the deferred_probe_pending_list.

Cc: [email protected]
Fixes: 25b4e70dcce9 ("driver core: allow stopping deferred probe after init")
Signed-off-by: Saravana Kannan <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
Hi Greg,

This should apply cleanly to 4.19 and 5.4 if you think this should be
picked up.

-Saravana

drivers/base/dd.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index 4ba9231a6be8..26ba7a99b7d5 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -254,14 +254,16 @@ int driver_deferred_probe_check_state(struct device *dev)

static void deferred_probe_timeout_work_func(struct work_struct *work)
{
- struct device_private *private, *p;
+ struct device_private *p;

deferred_probe_timeout = 0;
driver_deferred_probe_trigger();
flush_work(&deferred_probe_work);

- list_for_each_entry_safe(private, p, &deferred_probe_pending_list, deferred_probe)
- dev_info(private->device, "deferred probe pending");
+ mutex_lock(&deferred_probe_mutex);
+ list_for_each_entry(p, &deferred_probe_pending_list, deferred_probe)
+ dev_info(p->device, "deferred probe pending\n");
+ mutex_unlock(&deferred_probe_mutex);
}
static DECLARE_DELAYED_WORK(deferred_probe_timeout_work, deferred_probe_timeout_work_func);
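Review bot: the dev_info() call in the new locked loop also gains a trailing "\n" on "deferred probe pending", which the changelog does not mention. Since this is a stable backport, add a sentence to the commit message noting the format-string change, or confirm it matches the upstream commit, so that both the locking fix and the log-format change are accounted for. The lock placement itself reads correctly from the visible lines: mutex_lock(&deferred_probe_mutex) is taken only after flush_work(&deferred_probe_work) has returned, so the mutex is not held across the flush, and switching from list_for_each_entry_safe() to list_for_each_entry() is fine because the loop body only logs and never removes a node.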

--
2.31.1.295.g9ea45b61b8-goog


2021-04-15 13:52:43

by Greg KH

Subject: Re: [PATCH] driver core: Fix locking bug in deferred_probe_timeout_work_func()

On Mon, Apr 12, 2021 at 11:09:06AM -0700, Saravana Kannan wrote:
> commit eed6e41813deb9ee622cd9242341f21430d7789f upstream.
>
> list_for_each_entry_safe() is only useful if we are deleting nodes in a
> linked list within the loop. It doesn't protect against other threads
> adding/deleting nodes to the list in parallel. We need to grab
> deferred_probe_mutex when traversing the deferred_probe_pending_list.
>
> Cc: [email protected]
> Fixes: 25b4e70dcce9 ("driver core: allow stopping deferred probe after init")
> Signed-off-by: Saravana Kannan <[email protected]>
> Link: https://lore.kernel.org/r/[email protected]
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
> ---
> Hi Greg,
>
> This should apply cleanly to 4.19 and 5.4 if you think this should be
> picked up.

thanks, now queued up.

greg k-h