linux/drivers
Jarod Wilson 08aeb7c9a4 [media] rc: add locking to fix register/show race
When device_add is called in rc_register_device, the rc sysfs nodes show
up, and there's a window in which ir-keytable can be launched via udev
and trigger a show_protocols call, which runs without various rc_dev
fields filled in yet. Add some locking around registration and
store/show_protocols to prevent that from happening.

The problem manifests thusly:

[64692.957872] BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
[64692.957878] IP: [<ffffffffa036a4c1>] show_protocols+0x47/0xf1 [rc_core]
[64692.957890] PGD 19cfc7067 PUD 19cfc6067 PMD 0
[64692.957894] Oops: 0000 [#1] SMP
[64692.957897] last sysfs file: /sys/devices/pci0000:00/0000:00:03.1/usb3/3-1/3-1:1.0/rc/rc2/protocols
[64692.957902] CPU 3
[64692.957903] Modules linked in: redrat3(+) ir_lirc_codec lirc_dev ir_sony_decoder ir_jvc_decoder ir_rc6_decoder ir_rc5_decoder rc_hauppauge ir_nec
_decoder rc_core ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_mi
di_event snd_seq_midi_emul snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_seq snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem pcsp
kr tg3 snd_hwdep emu10k1_gp snd amd64_edac_mod gameport edac_core soundcore edac_mce_amd k8temp shpchp i2c_piix4 lm63 e100 mii uinput ipv6 raid0 rai
d1 ata_generic firewire_ohci pata_acpi firewire_core crc_itu_t sata_svw pata_serverworks floppy radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core
[last unloaded: redrat3]
[64692.957949] [64692.957952] Pid: 12265, comm: ir-keytable Tainted: G   M    W   2.6.39-rc6+ #2 empty empty/TYAN Thunder K8HM S3892
[64692.957957] RIP: 0010:[<ffffffffa036a4c1>]  [<ffffffffa036a4c1>] show_protocols+0x47/0xf1 [rc_core]
[64692.957962] RSP: 0018:ffff880194509e38  EFLAGS: 00010202
[64692.957964] RAX: 0000000000000000 RBX: ffffffffa036d1e0 RCX: ffffffffa036a47a
[64692.957966] RDX: ffff88019a84d000 RSI: ffffffffa036d1e0 RDI: ffff88019cf2f3f0
[64692.957969] RBP: ffff880194509e68 R08: 0000000000000002 R09: 0000000000000000
[64692.957971] R10: 0000000000000002 R11: 0000000000001617 R12: ffff88019a84d000
[64692.957973] R13: 0000000000001000 R14: ffff8801944d2e38 R15: ffff88019ce5f190
[64692.957976] FS:  00007f0a30c9a720(0000) GS:ffff88019fc00000(0000) knlGS:0000000000000000
[64692.957979] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[64692.957981] CR2: 0000000000000090 CR3: 000000019a8e0000 CR4: 00000000000006e0
[64692.957983] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[64692.957986] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[64692.957989] Process ir-keytable (pid: 12265, threadinfo ffff880194508000, task ffff88019a9fc720)
[64692.957991] Stack:
[64692.957992]  0000000000000002 ffffffffa036d1e0 ffff880194509f58 0000000000001000
[64692.957997]  ffff8801944d2e38 ffff88019ce5f190 ffff880194509e98 ffffffff8131484b
[64692.958001]  ffffffff8118e923 ffffffff810e9b2f ffff880194509e98 ffff8801944d2e18
[64692.958005] Call Trace:
[64692.958014]  [<ffffffff8131484b>] dev_attr_show+0x27/0x4e
[64692.958014]  [<ffffffff8118e923>] ? sysfs_read_file+0x94/0x172
[64692.958014]  [<ffffffff810e9b2f>] ? __get_free_pages+0x16/0x52
[64692.958014]  [<ffffffff8118e94c>] sysfs_read_file+0xbd/0x172
[64692.958014]  [<ffffffff8113205e>] vfs_read+0xac/0xf3
[64692.958014]  [<ffffffff8113347b>] ? fget_light+0x3a/0xa1
[64692.958014]  [<ffffffff811320f2>] sys_read+0x4d/0x74
[64692.958014]  [<ffffffff814c19c2>] system_call_fastpath+0x16/0x1b

Its a bit difficult to reproduce, but I'm fairly confident this has
fixed the problem.

Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2011-05-20 16:21:22 -03:00
..
accessibility
acpi ACPI / PM: Avoid infinite recurrence while registering power resources 2011-04-26 11:33:18 +02:00
amba
ata Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev 2011-05-14 12:19:18 -07:00
atm drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
auxdisplay
base PM / Wakeup: Fix initialization of wakeup-related device sysfs files 2011-04-26 11:33:09 +02:00
block Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block 2011-05-18 06:49:02 -07:00
bluetooth
cdrom cdrom: always check_disk_change() on open 2011-04-29 10:17:25 +02:00
char drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
clk CLKDEV: Fix clkdev return value for NULL clk case 2011-04-30 10:14:08 +01:00
clocksource
connector
cpufreq
cpuidle
crypto
dca
dio
dma
edac drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
eisa
firewire Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2011-05-04 14:21:39 -07:00
firmware
gpio
gpu drm: Take lock around probes for drm_fb_helper_hotplug_event 2011-05-16 12:01:43 +10:00
hid
hwmon hwmon: (twl4030-madc-hwmon) Return proper error if hwmon_device_register fails 2011-05-01 09:06:35 -07:00
hwspinlock
i2c drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
ide ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd 2011-04-21 19:43:59 +02:00
idle
ieee802154
infiniband Revert wrong fixes for common misspellings 2011-04-26 23:31:11 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2011-05-12 10:41:31 -07:00
isdn
leds drivers/leds/leds-lm3530.c: add MODULE_DEVICE_TABLE 2011-05-18 02:55:22 -07:00
lguest
macintosh
mca
md raid5: fix build error, sector_t usage 2011-04-21 10:00:00 -07:00
media [media] rc: add locking to fix register/show race 2011-05-20 16:21:22 -03:00
memstick
message block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
mfd mfd: Fix for the TWL4030 PM sleep/wakeup sequence 2011-05-11 11:09:58 +02:00
misc
mmc drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
mtd drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
net drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
nfc
nubus
of
oprofile
parisc
parport parport_pc.c: correctly release the requested region for the IT887x 2011-04-19 16:36:24 -07:00
pci PCI: Clear bridge resource flags if requested size is 0 2011-05-16 18:33:35 -07:00
pcmcia Revert wrong fixes for common misspellings 2011-04-26 23:31:11 -07:00
platform eeepc-laptop: Use ACPI handle to identify rfkill port 2011-05-09 10:48:47 -04:00
pnp
power
pps
ps3
rapidio rapidio: fix default routing initialization 2011-05-18 02:55:22 -07:00
regulator
rtc Merge branch 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2011-05-17 08:02:04 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block 2011-05-18 06:49:02 -07:00
sbus
scsi Merge branch 'devicetree/merge' of git://git.secretlab.ca/git/linux-2.6 2011-05-18 13:25:57 -07:00
sfi
sh
sn
spi
ssb
staging [media] tm6000: add detection based on eeprom name 2011-05-20 09:28:55 -03:00
target
tc
telephony
thermal
tty drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
uio
usb drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
uwb
vhost
video Merge branch 'fbmem' 2011-05-14 11:24:32 -07:00
virtio virtio_pci: Prevent double-free of pci regions after device hot-unplug 2011-04-21 22:57:00 +09:30
vlynq
w1
watchdog drivercore: revert addition of of_match to struct device 2011-05-18 12:32:23 -06:00
xen PM: Add missing syscore_suspend() and syscore_resume() calls 2011-04-20 00:36:11 +02:00
zorro
Kconfig
Makefile