On Thu, 2018-10-18 at 12:38 -0700, Alexander Duyck wrote: > Basically if somebody loads a driver the dev->driver becomes set. If a > driver is removed it will clear dev->driver and set driver_data to > 0/NULL. That is what I am using as a mutex to track it in conjunction > with the device mutex. Basically if somebody attempts to attach a driver > before we get there we just exit and don't attempt to load this driver.
I don't think that the above matches your code. __device_attach() does not set the dev->driver pointer before scheduling an asynchronous probe. Only dev->driver_data gets set before the asynchonous probe is scheduled. Since driver_detach() only iterates over devices that are in the per-driver klist it will skip all devices for which an asynchronous probe has been scheduled but __device_attach_async_helper() has not yet been called. My conclusion remains that this patch does not prevent a driver pointer to become invalid concurrently with __device_attach_async_helper() dereferencing the same driver pointer. Bart.
