kobject: Make sure the parent does not get released before its children (4ef12f71) · Commits · 戴 / test

In the function kobject_cleanup(), kobject_del(kobj) is called before the kobj->release(). That makes it possible to release the parent of the kobject before the kobject itself. To fix that, adding function __kboject_del() that does everything that kobject_del() does except release the parent reference. kobject_cleanup() then calls __kobject_del() instead of kobject_del(), and separately decrements the reference count of the parent kobject after kobj->release() has been called. Reported-by:

Naresh Kamboju <naresh.kamboju@linaro.org> Reported-by:

kernel test robot <rong.a.chen@intel.com> Fixes: ("Revert "software node: Simplify software_node_release() function"") Suggested-by:

"Rafael J. Wysocki" <rafael@kernel.org> Signed-off-by:

Heikki Krogerus <heikki.krogerus@linux.intel.com> Reviewed-by:

Rafael J. Wysocki <rafael.j.wysocki@intel.com> Reviewed-by:

Brendan Higgins <brendanhiggins@google.com> Tested-by:

Brendan Higgins <brendanhiggins@google.com> Acked-by:

Randy Dunlap <rdunlap@infradead.org> Link: https://lore.kernel.org/r/20200513151840.36400-1-heikki.krogerus@linux.intel.com Cc: stable <stable@vger.kernel.org> Signed-off-by:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>

lib/kobject.c

+20 −10

Original line number	Diff line number	Diff line
		@@ -599,14 +599,7 @@ out:
		}
		EXPORT_SYMBOL_GPL(kobject_move);

		/**
		* kobject_del() - Unlink kobject from hierarchy.
		* @kobj: object.
		*
		* This is the function that should be called to delete an object
		* successfully added via kobject_add().
		*/
		void kobject_del(struct kobject *kobj)
		static void __kobject_del(struct kobject *kobj)
		{
		struct kernfs_node *sd;
		const struct kobj_type *ktype;
		@@ -625,9 +618,23 @@ void kobject_del(struct kobject *kobj)

		kobj->state_in_sysfs = 0;
		kobj_kset_leave(kobj);
		kobject_put(kobj->parent);
		kobj->parent = NULL;
		}

		/**
		* kobject_del() - Unlink kobject from hierarchy.
		* @kobj: object.
		*
		* This is the function that should be called to delete an object
		* successfully added via kobject_add().
		*/
		void kobject_del(struct kobject *kobj)
		{
		struct kobject *parent = kobj->parent;

		__kobject_del(kobj);
		kobject_put(parent);
		}
		EXPORT_SYMBOL(kobject_del);

		/**
		@@ -663,6 +670,7 @@ EXPORT_SYMBOL(kobject_get_unless_zero);
		*/
		static void kobject_cleanup(struct kobject *kobj)
		{
		struct kobject *parent = kobj->parent;
		struct kobj_type *t = get_ktype(kobj);
		const char *name = kobj->name;

		@@ -684,7 +692,7 @@ static void kobject_cleanup(struct kobject *kobj)
		if (kobj->state_in_sysfs) {
		pr_debug("kobject: '%s' (%p): auto cleanup kobject_del\n",
		kobject_name(kobj), kobj);
		kobject_del(kobj);
		__kobject_del(kobj);
		}

		if (t && t->release) {
		@@ -698,6 +706,8 @@ static void kobject_cleanup(struct kobject *kobj)
		pr_debug("kobject: '%s': free name\n", name);
		kfree_const(name);
		}

		kobject_put(parent);
		}

		#ifdef CONFIG_DEBUG_KOBJECT_RELEASE

Admin message