From: Greg KH
Date: Mon May 24 2004 - 11:50:04 EST
On Mon, May 24, 2004 at 10:39:21AM +0400, Andrew Zabolotny wrote:
> The class_device_find() function returns a pointer to a class_device, but the
> reference counter of that object is not incremented. This looks to me somewhat
> racy, unless there are some details I'm missing.
There were lots of problems with that function, and that's one reason
it's not in the kernel tree :)
> Because in the first case if class_device_get succeeds, but class_id is empty,
> the kobject will remain in a referenced state.
Good catch. But your fix is not quite correct, we should call
class_device_put() on the class_dev variable before returning -EINVAL
> I know patches are preferred, but our CVS is down right now and I don't have
> an older copy of class.c.
Patches are preferred.
> And yet one more comment. What is the purpose of class_device_get at the
> beginning and class_device_put at the end of the above function? I think if
> someone calls class_device_rename, then it already holds a reference to the
> class_device, so it can't go away while class_rename() is doing its work. And
> if the caller *doesn't* hold a lock on it, it is simply wrong code since the
> device may easily go away before class_rename() gets the lock.
We are just being safe.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/