提交 0cfc1e1e 编写于 作者: M Ming Lei 提交者: Greg Kroah-Hartman

firmware loader: fix device lifetime

Callers of request_firmware* must hold the reference count of
@device, otherwise it is easy to trigger oops since the firmware
loader device is the child of @device.

This patch adds comments about the usage. In fact, most of drivers
call request_firmware* in its probe() or open(), so the constraint
should be reasonable and can be satisfied.

Also this patch holds the reference count of @device before
schedule_work() in request_firmware_nowait() to avoid that
the @device is released after request_firmware_nowait returns
and before the worker function is scheduled.
Signed-off-by: NMing Lei <ming.lei@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
上级 2887b395
...@@ -742,6 +742,8 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, ...@@ -742,6 +742,8 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent,
* @name will be used as $FIRMWARE in the uevent environment and * @name will be used as $FIRMWARE in the uevent environment and
* should be distinctive enough not to be confused with any other * should be distinctive enough not to be confused with any other
* firmware image for this or any other device. * firmware image for this or any other device.
*
* Caller must hold the reference count of @device.
**/ **/
int int
request_firmware(const struct firmware **firmware_p, const char *name, request_firmware(const struct firmware **firmware_p, const char *name,
...@@ -823,6 +825,7 @@ static void request_firmware_work_func(struct work_struct *work) ...@@ -823,6 +825,7 @@ static void request_firmware_work_func(struct work_struct *work)
out: out:
fw_work->cont(fw, fw_work->context); fw_work->cont(fw, fw_work->context);
put_device(fw_work->device);
module_put(fw_work->module); module_put(fw_work->module);
kfree(fw_work); kfree(fw_work);
...@@ -841,6 +844,8 @@ static void request_firmware_work_func(struct work_struct *work) ...@@ -841,6 +844,8 @@ static void request_firmware_work_func(struct work_struct *work)
* @cont: function will be called asynchronously when the firmware * @cont: function will be called asynchronously when the firmware
* request is over. * request is over.
* *
* Caller must hold the reference count of @device.
*
* Asynchronous variant of request_firmware() for user contexts where * Asynchronous variant of request_firmware() for user contexts where
* it is not possible to sleep for long time. It can't be called * it is not possible to sleep for long time. It can't be called
* in atomic contexts. * in atomic contexts.
...@@ -869,6 +874,7 @@ request_firmware_nowait( ...@@ -869,6 +874,7 @@ request_firmware_nowait(
return -EFAULT; return -EFAULT;
} }
get_device(fw_work->device);
INIT_WORK(&fw_work->work, request_firmware_work_func); INIT_WORK(&fw_work->work, request_firmware_work_func);
schedule_work(&fw_work->work); schedule_work(&fw_work->work);
return 0; return 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册