From: Slawomir Stepien <sst@poczta.fm>
To: Wolfram Sang <wsa@the-dreams.de>
Cc: linux-i2c@vger.kernel.org, krzysztof.adamski@nokia.com,
jakub.lewalski@nokia.com, slawomir.stepien@nokia.com,
alexander.sverdlin@nokia.com
Subject: Re: [RFCv3] i2c: hold the core_lock for the whole execution of i2c_register_adapter()
Date: Fri, 27 Mar 2020 15:01:26 +0100 [thread overview]
Message-ID: <20200327140126.GA2112@t480s.localdomain> (raw)
In-Reply-To: <20200321191532.GF5632@ninjato>
On mar 21, 2020 20:15, Wolfram Sang wrote:
> Hi Slawomir,
Hello Wolfram,
> On Tue, Oct 08, 2019 at 06:39:56PM +0200, Slawomir Stepien wrote:
> > From: Sławomir Stępień <slawomir.stepien@nokia.com>
> >
> > There is a race condition between the i2c_get_adapter() and the
> > i2c_add_adapter() if this mutex isn't hold for the whole execution of
> > i2c_register_adapter().
> >
> > If the mutex isn't locked, it is possible to find idr that points to
> > adapter that hasn't been registered yet (i.e. it's
> > kobj.state_initialized is still false), which will end up with warning
> > message:
> >
> > "... is not initialized, yet kobject_get() is being called."
> >
> > This patch will change how the locking is arranged around
> > i2c_register_adapter() call and will prevent such situations. The part
> > of the i2c_register_adapter() that do not need to be under the lock has
> > been moved to a new function i2c_process_adapter.
> >
> > Signed-off-by: Sławomir Stępień <slawomir.stepien@nokia.com>
>
> Thank you for tackling this one and sorry for the late reply.
>
> Do you have a test case for me so I could reproduce the bad case here?
I don't have any test case ready on hand, but please take a look at this flow:
Note: The assumption is that i2c_add_adapter() and i2c_get_adapter() are called
from separate threads of execution.
time | i2c_add_adapter() | i2c_get_adapter()
------------------------------------------------
0001 | lock of core_lock |
0002 | new idr via idr_alloc |
0003 | unlock of core_lock |
0004 | | lock of core_lock
0005 | | idr_find
0006 | | get_device [1]
0007 | i2c_register_adapter |
At point [1], the i2c_get_adapter() assumes the device is ready only because it
was found in idr. It calls get_device() which causes kobject_get() to fail.
--
Slawomir Stepien
prev parent reply other threads:[~2020-03-27 14:09 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20191008163956.GB566933@t480s.localdomain>
2020-03-21 19:15 ` [RFCv3] i2c: hold the core_lock for the whole execution of i2c_register_adapter() Wolfram Sang
2020-03-27 14:01 ` Slawomir Stepien [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200327140126.GA2112@t480s.localdomain \
--to=sst@poczta.fm \
--cc=alexander.sverdlin@nokia.com \
--cc=jakub.lewalski@nokia.com \
--cc=krzysztof.adamski@nokia.com \
--cc=linux-i2c@vger.kernel.org \
--cc=slawomir.stepien@nokia.com \
--cc=wsa@the-dreams.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.