kernel-ark/drivers/base
Patrick Mochel 0d3e5a2e39 [PATCH] Driver Core: fix bk-driver-core kills ppc64
There's no check to see if the device is already bound to a driver, which
could do bad things.  The first thing to go wrong is that it will try to match
a driver with a device already bound to one.  In some cases (it appears with
USB with drivers/usb/core/usb.c::usb_match_id()), some drivers will match a
device based on the class type, so it would be common (especially for HID
devices) to match a device that is already bound.

The fun comes when ->probe() is called, it fails, then
driver_probe_device() does this:

	dev->driver = NULL;

Later on, that pointer could be be dereferenced without checking and cause
hell to break loose.

This problem could be nasty. It's very hardware dependent, since some
devices could have a different set of matching qualifiers than others.

Now, I don't quite see exactly where/how you were getting that crash.
You're dereferencing bad memory, but I'm not sure which pointer was bad
and where it came from, but it could have come from a couple of different
places.

The patch below will hopefully fix it all up for you. It's against
2.6.12-rc2-mm1, and does the following:

- Move logic to driver_probe_device() and comments uncommon returns:
  1 - If device is bound
  0 - If device not bound, and no error
  error - If there was an error.

- Move locking to caller of that function, since we want to lock a
  device for the entire time we're trying to bind it to a driver (to
  prevent against a driver being loaded at the same time).

- Update __device_attach() and __driver_attach() to do that locking.

- Check if device is already bound in __driver_attach()

- Update the converse device_release_driver() so it locks the device
  around all of the operations.

- Mark driver_probe_device() as static and remove export. It's an
  internal function, it should stay that way, and there are no other
  callers. If there is ever a need to export it, we can audit it as
  necessary.

Signed-off-by: Andrew Morton <akpm@osdl.org>
2005-06-20 15:15:27 -07:00
..
power [PATCH] Add a semaphore to struct device to synchronize calls to its driver. 2005-06-20 15:15:12 -07:00
attribute_container.c
base.h [PATCH] Move device/driver code to drivers/base/dd.c 2005-06-20 15:15:13 -07:00
bus.c [PATCH] Fix up bus code and remove use of rwsem. 2005-06-20 15:15:18 -07:00
class.c [PATCH] class: add kerneldoc for the new class functions. 2005-06-20 15:15:11 -07:00
core.c [PATCH] Use a klist for device child lists. 2005-06-20 15:15:23 -07:00
cpu.c
dd.c [PATCH] Driver Core: fix bk-driver-core kills ppc64 2005-06-20 15:15:27 -07:00
dmapool.c
driver.c [PATCH] driver core: change export symbol for driver_for_each_device() 2005-06-20 15:15:24 -07:00
firmware_class.c
firmware.c
init.c
Kconfig
Makefile [PATCH] Move device/driver code to drivers/base/dd.c 2005-06-20 15:15:13 -07:00
map.c
node.c
platform.c
sys.c [PATCH] sysfs: (driver/base) if show/store is missing return -EIO 2005-06-20 15:15:02 -07:00
transport_class.c