Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0cfc1e1e authored by Ming Lei's avatar Ming Lei Committed by Greg Kroah-Hartman
Browse files

firmware loader: fix device lifetime 



Callers of request_firmware* must hold the reference count of
@device, otherwise it is easy to trigger oops since the firmware
loader device is the child of @device.

This patch adds comments about the usage. In fact, most of drivers
call request_firmware* in its probe() or open(), so the constraint
should be reasonable and can be satisfied.

Also this patch holds the reference count of @device before
schedule_work() in request_firmware_nowait() to avoid that
the @device is released after request_firmware_nowait returns
and before the worker function is scheduled.

Signed-off-by: default avatarMing Lei <ming.lei@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 2887b395

drivers/base/firmware_class.c

+6 −0
Original line number Original line Diff line number Diff line
@@ -742,6 +742,8 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, 
 *      @name will be used as $FIRMWARE in the uevent environment and

 *      @name will be used as $FIRMWARE in the uevent environment and

 *      should be distinctive enough not to be confused with any other

 *      should be distinctive enough not to be confused with any other

 *      firmware image for this or any other device.

 *      firmware image for this or any other device.

 *

 *	Caller must hold the reference count of @device.

 **/

 **/

int

int

request_firmware(const struct firmware **firmware_p, const char *name,

request_firmware(const struct firmware **firmware_p, const char *name,
@@ -823,6 +825,7 @@ static void request_firmware_work_func(struct work_struct *work) 




 out:

 out:

	fw_work->cont(fw, fw_work->context);

	fw_work->cont(fw, fw_work->context);

	put_device(fw_work->device);





	module_put(fw_work->module);

	module_put(fw_work->module);

	kfree(fw_work);

	kfree(fw_work);
@@ -841,6 +844,8 @@ static void request_firmware_work_func(struct work_struct *work) 
 * @cont: function will be called asynchronously when the firmware

 * @cont: function will be called asynchronously when the firmware

 *	request is over.

 *	request is over.

 *

 *

 *	Caller must hold the reference count of @device.

 *

 *	Asynchronous variant of request_firmware() for user contexts where

 *	Asynchronous variant of request_firmware() for user contexts where

 *	it is not possible to sleep for long time. It can't be called

 *	it is not possible to sleep for long time. It can't be called

 *	in atomic contexts.

 *	in atomic contexts.
@@ -869,6 +874,7 @@ request_firmware_nowait( 
		return -EFAULT;

		return -EFAULT;

	}

	}





	get_device(fw_work->device);

	INIT_WORK(&fw_work->work, request_firmware_work_func);

	INIT_WORK(&fw_work->work, request_firmware_work_func);

	schedule_work(&fw_work->work);

	schedule_work(&fw_work->work);

	return 0;

	return 0;