ACPI: scan: Fix device object rescan in acpi_scan_clear_dep()

In general, acpi_bus_attach() can only be run safely under
acpi_scan_lock, but that lock cannot be acquired under
acpi_dep_list_lock, so make acpi_scan_clear_dep() schedule deferred
execution of acpi_bus_attach() under acpi_scan_lock instead of
calling it directly.

This also fixes a possible race between acpi_scan_clear_dep() and
device removal that might cause a device object that went away to
be accessed, because acpi_scan_clear_dep() is changed to acquire
a reference on the consumer device object.

Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>

diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index b7f9b7a..b0bdd9b 100644 (file)
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -2109,16 +2109,56 @@ static int acpi_dev_get_first_consumer_dev_cb(struct acpi_dep_data *dep, void *d
        return 0;
 }
 
-static int acpi_scan_clear_dep(struct acpi_dep_data *dep, void *data)
-{
+struct acpi_scan_clear_dep_work {
+       struct work_struct work;
        struct acpi_device *adev;
+};
+
+static void acpi_scan_clear_dep_fn(struct work_struct *work)
+{
+       struct acpi_scan_clear_dep_work *cdw;
+
+       cdw = container_of(work, struct acpi_scan_clear_dep_work, work);
+
+       acpi_scan_lock_acquire();
+       acpi_bus_attach(cdw->adev, true);
+       acpi_scan_lock_release();
+
+       acpi_dev_put(cdw->adev);
+       kfree(cdw);
+}
+
+static bool acpi_scan_clear_dep_queue(struct acpi_device *adev)
+{
+       struct acpi_scan_clear_dep_work *cdw;
 
-       acpi_bus_get_device(dep->consumer, &adev);
+       if (adev->dep_unmet)
+               return false;
+
+       cdw = kmalloc(sizeof(*cdw), GFP_KERNEL);
+       if (!cdw)
+               return false;
+
+       cdw->adev = adev;
+       INIT_WORK(&cdw->work, acpi_scan_clear_dep_fn);
+       /*
+        * Since the work function may block on the lock until the entire
+        * initial enumeration of devices is complete, put it into the unbound
+        * workqueue.
+        */
+       queue_work(system_unbound_wq, &cdw->work);
+
+       return true;
+}
+
+static int acpi_scan_clear_dep(struct acpi_dep_data *dep, void *data)
+{
+       struct acpi_device *adev = acpi_bus_get_acpi_device(dep->consumer);
 
        if (adev) {
                adev->dep_unmet--;
-               if (!adev->dep_unmet)
-                       acpi_bus_attach(adev, true);
+               if (!acpi_scan_clear_dep_queue(adev))
+                       acpi_dev_put(adev);
        }
 
        list_del(&dep->node);