Skip to content

Commit

Permalink
iio: Prevent race between IIO chardev opening and IIO device free
Browse files Browse the repository at this point in the history
Set the IIO device as the parent for the character device

We need to make sure that the IIO device is not freed while the character device
exists, otherwise the freeing of the IIO device might race against the file open
callback. Do this by setting the character device's parent to the IIO device,
this will cause the character device to grab a reference to the IIO device and
only release it once the character device itself has been removed.

Also move the registration of the character device before the registration of
the IIO device to avoid the (rather theoretical case) that the IIO device is
already freed again before we can add the character device and grab a reference
to the IIO device.

We also need to move the call to cdev_del() from iio_dev_release() to
iio_device_unregister() (where it should have been in the first place anyway) to
avoid a reference cycle. As iio_dev_release() is only called once all reference
are dropped, but the character device holds a reference to the IIO device.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
  • Loading branch information
larsclausen authored and jic23 committed Sep 21, 2013
1 parent cadc212 commit 0d5b7da
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions drivers/iio/industrialio-core.c
Original file line number Diff line number Diff line change
Expand Up @@ -848,8 +848,6 @@ static void iio_device_unregister_sysfs(struct iio_dev *indio_dev)
static void iio_dev_release(struct device *device)
{
struct iio_dev *indio_dev = dev_to_iio_dev(device);
if (indio_dev->chrdev.dev)
cdev_del(&indio_dev->chrdev);
if (indio_dev->modes & INDIO_BUFFER_TRIGGERED)
iio_device_unregister_trigger_consumer(indio_dev);
iio_device_unregister_eventset(indio_dev);
Expand Down Expand Up @@ -1056,18 +1054,20 @@ int iio_device_register(struct iio_dev *indio_dev)
indio_dev->setup_ops == NULL)
indio_dev->setup_ops = &noop_ring_setup_ops;

ret = device_add(&indio_dev->dev);
if (ret < 0)
goto error_unreg_eventset;
cdev_init(&indio_dev->chrdev, &iio_buffer_fileops);
indio_dev->chrdev.owner = indio_dev->info->driver_module;
indio_dev->chrdev.kobj.parent = &indio_dev->dev.kobj;
ret = cdev_add(&indio_dev->chrdev, indio_dev->dev.devt, 1);
if (ret < 0)
goto error_del_device;
return 0;
goto error_unreg_eventset;

error_del_device:
device_del(&indio_dev->dev);
ret = device_add(&indio_dev->dev);
if (ret < 0)
goto error_cdev_del;

return 0;
error_cdev_del:
cdev_del(&indio_dev->chrdev);
error_unreg_eventset:
iio_device_unregister_eventset(indio_dev);
error_free_sysfs:
Expand All @@ -1085,6 +1085,9 @@ void iio_device_unregister(struct iio_dev *indio_dev)

device_del(&indio_dev->dev);

if (indio_dev->chrdev.dev)
cdev_del(&indio_dev->chrdev);

iio_disable_all_buffers(indio_dev);

indio_dev->info = NULL;
Expand Down

0 comments on commit 0d5b7da

Please sign in to comment.