On Wed, Mar 23, 2022 at 02:45:59PM -0500, Pierre-Louis Bossart wrote:
> The last line is the problematic one. If at some point, the user does an rmmod and unbinds the SoundWire codec driver, the .remove will be called and the 'drv' will no longer be valid, but we will still have a reference to drv->ops and use that pointer in the bus code, e.g.
> ...
> where I force-reset this slave->ops pointer, but it is likely to be very racy.
> We probably need to avoid such references, or have a clean mechanism to unbind, e.g. with all commands and interrupts stopped while the codec driver .remove routine is handled.
Your analysis seems pretty much spot on - you'll need locking or other measures to make sure there are no live callbacks from the bus while the device is being removed. It's a fairly standard problem unfortunately.
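
The following is an added illustration, not part of the thread and not SoundWire bus code: a userspace C model of the locking approach discussed above, where the bus reads the borrowed ops pointer and runs the callback under the same lock that the remove path takes to clear it. All struct and function names are hypothetical, and a pthread mutex stands in for whatever lock the bus would actually use.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

/* Userspace model only; every name here is hypothetical. */
struct codec_ops { int (*interrupt_callback)(int status); };
struct codec_driver { struct codec_ops ops; };

struct bus_slave {
    pthread_mutex_t ops_lock;     /* serialises callback dispatch against unbind */
    const struct codec_ops *ops;  /* borrowed from the driver; NULL when unbound */
};

/* Sample codec callback (constructed for the example). */
int codec_irq(int status) { return status + 1; }

/* Probe path: publish the driver's ops to the bus. */
void slave_bind(struct bus_slave *s, const struct codec_driver *drv)
{
    pthread_mutex_lock(&s->ops_lock);
    s->ops = &drv->ops;
    pthread_mutex_unlock(&s->ops_lock);
}

/*
 * Remove path: taking the lock waits for any callback already running,
 * and clearing the pointer stops new ones. Only after this returns is it
 * safe for the memory behind drv->ops to go away.
 */
void slave_unbind(struct bus_slave *s)
{
    pthread_mutex_lock(&s->ops_lock);
    s->ops = NULL;
    pthread_mutex_unlock(&s->ops_lock);
}

/* Bus side: the NULL check and the call happen under the same lock. */
int bus_handle_irq(struct bus_slave *s, int status)
{
    int ret = -ENODEV;

    pthread_mutex_lock(&s->ops_lock);
    if (s->ops && s->ops->interrupt_callback)
        ret = s->ops->interrupt_callback(status);
    pthread_mutex_unlock(&s->ops_lock);
    return ret;
}
```

Checking the pointer without holding the lock across the call would leave the same window open, and a callback in this model must not call `slave_unbind()` itself, since the mutex is not recursive.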