summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLars-Peter Clausen <lars@metafoo.de>2013-09-18 21:02:00 +0100
committerJonathan Cameron <jic23@kernel.org>2013-09-21 12:50:23 +0100
commit0d5b7dae897b61a2372916b1c93f6cee6b8049b1 (patch)
treebfdaccfa0f8e614b42ebfa6e74871c1b653806ff
parentcadc2125e140f7122bf1b59d42486cfc778c7286 (diff)
downloadlinux-0d5b7dae897b61a2372916b1c93f6cee6b8049b1.tar.gz
linux-0d5b7dae897b61a2372916b1c93f6cee6b8049b1.tar.bz2
linux-0d5b7dae897b61a2372916b1c93f6cee6b8049b1.zip
iio: Prevent race between IIO chardev opening and IIO device free
Set the IIO device as the parent for the character device We need to make sure that the IIO device is not freed while the character device exists, otherwise the freeing of the IIO device might race against the file open callback. Do this by setting the character device's parent to the IIO device, this will cause the character device to grab a reference to the IIO device and only release it once the character device itself has been removed. Also move the registration of the character device before the registration of the IIO device to avoid the (rather theoretical case) that the IIO device is already freed again before we can add the character device and grab a reference to the IIO device. We also need to move the call to cdev_del() from iio_dev_release() to iio_device_unregister() (where it should have been in the first place anyway) to avoid a reference cycle. As iio_dev_release() is only called once all reference are dropped, but the character device holds a reference to the IIO device. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
-rw-r--r--drivers/iio/industrialio-core.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
index 8f7b6c9f92dc..8e84cd522e49 100644
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -848,8 +848,6 @@ static void iio_device_unregister_sysfs(struct iio_dev *indio_dev)
static void iio_dev_release(struct device *device)
{
struct iio_dev *indio_dev = dev_to_iio_dev(device);
- if (indio_dev->chrdev.dev)
- cdev_del(&indio_dev->chrdev);
if (indio_dev->modes & INDIO_BUFFER_TRIGGERED)
iio_device_unregister_trigger_consumer(indio_dev);
iio_device_unregister_eventset(indio_dev);
@@ -1056,18 +1054,20 @@ int iio_device_register(struct iio_dev *indio_dev)
indio_dev->setup_ops == NULL)
indio_dev->setup_ops = &noop_ring_setup_ops;
- ret = device_add(&indio_dev->dev);
- if (ret < 0)
- goto error_unreg_eventset;
cdev_init(&indio_dev->chrdev, &iio_buffer_fileops);
indio_dev->chrdev.owner = indio_dev->info->driver_module;
+ indio_dev->chrdev.kobj.parent = &indio_dev->dev.kobj;
ret = cdev_add(&indio_dev->chrdev, indio_dev->dev.devt, 1);
if (ret < 0)
- goto error_del_device;
- return 0;
+ goto error_unreg_eventset;
-error_del_device:
- device_del(&indio_dev->dev);
+ ret = device_add(&indio_dev->dev);
+ if (ret < 0)
+ goto error_cdev_del;
+
+ return 0;
+error_cdev_del:
+ cdev_del(&indio_dev->chrdev);
error_unreg_eventset:
iio_device_unregister_eventset(indio_dev);
error_free_sysfs:
@@ -1085,6 +1085,9 @@ void iio_device_unregister(struct iio_dev *indio_dev)
device_del(&indio_dev->dev);
+ if (indio_dev->chrdev.dev)
+ cdev_del(&indio_dev->chrdev);
+
iio_disable_all_buffers(indio_dev);
indio_dev->info = NULL;