driver core: Fix locking bug in deferred_probe_timeout_work_func()
authorSaravana Kannan <saravanak@google.com>
Fri, 2 Apr 2021 04:03:40 +0000 (21:03 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 14 Apr 2021 06:42:03 +0000 (08:42 +0200)
commit eed6e41813deb9ee622cd9242341f21430d7789f upstream.

list_for_each_entry_safe() is only useful if we are deleting nodes in a
linked list within the loop. It doesn't protect against other threads
adding/deleting nodes to the list in parallel. We need to grab
deferred_probe_mutex when traversing the deferred_probe_pending_list.

Cc: stable@vger.kernel.org
Fixes: 25b4e70dcce9 ("driver core: allow stopping deferred probe after init")
Signed-off-by: Saravana Kannan <saravanak@google.com>
Link: https://lore.kernel.org/r/20210402040342.2944858-2-saravanak@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/base/dd.c

index 43130d64e213d11cdfa276ab7bbf3aa0ce90c66a..8d7f94ef0cfe06f607de21ba714d65b731f5336a 100644 (file)
@@ -292,14 +292,16 @@ int driver_deferred_probe_check_state(struct device *dev)
 
 static void deferred_probe_timeout_work_func(struct work_struct *work)
 {
-       struct device_private *private, *p;
+       struct device_private *p;
 
        driver_deferred_probe_timeout = 0;
        driver_deferred_probe_trigger();
        flush_work(&deferred_probe_work);
 
-       list_for_each_entry_safe(private, p, &deferred_probe_pending_list, deferred_probe)
-               dev_info(private->device, "deferred probe pending\n");
+       mutex_lock(&deferred_probe_mutex);
+       list_for_each_entry(p, &deferred_probe_pending_list, deferred_probe)
+               dev_info(p->device, "deferred probe pending\n");
+       mutex_unlock(&deferred_probe_mutex);
        wake_up_all(&probe_timeout_waitqueue);
 }
 static DECLARE_DELAYED_WORK(deferred_probe_timeout_work, deferred_probe_timeout_work_func);