ACPI / scan: Prevent device add uevents from racing with user space
authorRafael J. Wysocki <rafael.j.wysocki@intel.com>
Thu, 24 Jan 2013 11:49:49 +0000 (12:49 +0100)
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>
Thu, 24 Jan 2013 11:49:49 +0000 (12:49 +0100)
ACPI core adds sysfs device files after the given devices have been
registered with device_register(), which is not appropriate, because
it may lead to race conditions with user space tools using those
files.

Fix the problem by delaying the KOBJ_ADD uevent for ACPI devices
until after all of the devices' sysfs files have been created.

This also fixes a use-after-free in acpi_device_unregister().

Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/acpi/internal.h
drivers/acpi/power.c
drivers/acpi/scan.c

index 1f004f35bc67eb4416ecff7bf9a410588d816194..c5a61cd6c1a5200c5297f4f3260c23ee185140e7 100644 (file)
@@ -40,10 +40,11 @@ static inline void acpi_debugfs_init(void) { return; }
 #define ACPI_STA_DEFAULT (ACPI_STA_DEVICE_PRESENT | ACPI_STA_DEVICE_ENABLED | \
                          ACPI_STA_DEVICE_UI | ACPI_STA_DEVICE_FUNCTIONING)
 
-int acpi_device_register(struct acpi_device *device,
-                        void (*release)(struct device *));
+int acpi_device_add(struct acpi_device *device,
+                   void (*release)(struct device *));
 void acpi_init_device_object(struct acpi_device *device, acpi_handle handle,
                             int type, unsigned long long sta);
+void acpi_device_add_finalize(struct acpi_device *device);
 void acpi_free_ids(struct acpi_device *device);
 
 /* --------------------------------------------------------------------------
index 6db261c237d4a2cb833690bb1518c679e616b95f..3f16dd4db23e82275cf9129255e931d3081736f4 100644 (file)
@@ -721,13 +721,14 @@ int acpi_add_power_resource(acpi_handle handle)
               acpi_device_bid(device), state ? "on" : "off");
 
        device->flags.match_driver = true;
-       result = acpi_device_register(device, acpi_release_power_resource);
+       result = acpi_device_add(device, acpi_release_power_resource);
        if (result)
                goto err;
 
        mutex_lock(&power_resource_list_lock);
        list_add(&resource->list_node, &acpi_power_resource_list);
        mutex_unlock(&power_resource_list_lock);
+       acpi_device_add_finalize(device);
        return 0;
 
  err:
index 1fc57a349a3cf3164c64a348ff3fac17d9ccf44b..8b3b18846c8c183ec732e6c3b355c13527b4e02c 100644 (file)
@@ -634,8 +634,8 @@ struct bus_type acpi_bus_type = {
        .uevent         = acpi_device_uevent,
 };
 
-int acpi_device_register(struct acpi_device *device,
-                        void (*release)(struct device *))
+int acpi_device_add(struct acpi_device *device,
+                   void (*release)(struct device *))
 {
        int result;
        struct acpi_device_bus_id *acpi_device_bus_id, *new_bus_id;
@@ -705,7 +705,7 @@ int acpi_device_register(struct acpi_device *device,
                device->dev.parent = &device->parent->dev;
        device->dev.bus = &acpi_bus_type;
        device->dev.release = release;
-       result = device_register(&device->dev);
+       result = device_add(&device->dev);
        if (result) {
                dev_err(&device->dev, "Error registering device\n");
                goto err;
@@ -744,12 +744,13 @@ static void acpi_device_unregister(struct acpi_device *device)
 
        acpi_power_add_remove_device(device, false);
        acpi_device_remove_files(device);
-       device_unregister(&device->dev);
+       device_del(&device->dev);
        /*
         * Drop the reference counts of all power resources the device depends
         * on and turn off the ones that have no more references.
         */
        acpi_power_transition(device, ACPI_STATE_D3_COLD);
+       put_device(&device->dev);
 }
 
 /* --------------------------------------------------------------------------
@@ -1391,6 +1392,14 @@ void acpi_init_device_object(struct acpi_device *device, acpi_handle handle,
        acpi_device_get_busid(device);
        acpi_device_set_id(device);
        acpi_bus_get_flags(device);
+       device_initialize(&device->dev);
+       dev_set_uevent_suppress(&device->dev, true);
+}
+
+void acpi_device_add_finalize(struct acpi_device *device)
+{
+       dev_set_uevent_suppress(&device->dev, false);
+       kobject_uevent(&device->dev.kobj, KOBJ_ADD);
 }
 
 static int acpi_add_single_object(struct acpi_device **child,
@@ -1412,13 +1421,14 @@ static int acpi_add_single_object(struct acpi_device **child,
        acpi_bus_get_wakeup_device_flags(device);
 
        device->flags.match_driver = match_driver;
-       result = acpi_device_register(device, acpi_device_release);
+       result = acpi_device_add(device, acpi_device_release);
        if (result) {
                acpi_device_release(&device->dev);
                return result;
        }
 
        acpi_power_add_remove_device(device, true);
+       acpi_device_add_finalize(device);
        acpi_get_name(handle, ACPI_FULL_PATHNAME, &buffer);
        ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Added %s [%s] parent %s\n",
                dev_name(&device->dev), (char *) buffer.pointer,