Message ID | 20240102155949.73434-2-brgl@bgdev.pl |
---|---|
State | New |
Series | gpiolib: use a read-write semaphore to protect the GPIO device list |

On Tue, Jan 2, 2024 at 4:59 PM Bartosz Golaszewski <brgl@bgdev.pl> wrote:

> From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
>
> If we wait until the GPIO device's .release() callback gets invoked
> before we remove it from the global device list, then we risk that
> someone will look it up using gpio_device_find() between where we
> dropped the last reference and before .release() is done taking a
> reference again to an object that's being released.
>
> The device must be removed when it's being unregistered - just like how
> we remove it from the GPIO bus.
>
> Fixes: ff2b13592299 ("gpio: make the gpiochip a real device")
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>

Makes sense!
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>

Yours,
Linus Walleij

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index e21497b989a1..e019c4243809 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -651,9 +651,6 @@ static void gpiodev_release(struct device *dev) { struct gpio_device *gdev = to_gpio_device(dev); - scoped_guard(mutex, &gpio_devices_lock) - list_del(&gdev->list); - ida_free(&gpio_ida, gdev->id); kfree_const(gdev->label); kfree(gdev->descs); @@ -1068,6 +1065,9 @@ void gpiochip_remove(struct gpio_chip *gc) dev_crit(&gdev->dev, "REMOVING GPIOCHIP WITH GPIOS STILL REQUESTED\n"); + scoped_guard(mutex, &gpio_devices_lock) + list_del(&gdev->list); + /* * The gpiochip side puts its use of the device to rest here: * if there are no userspace clients, the chardev and device will
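
Review bot: In the gpiodev_release() hunk, dropping `list_del(&gdev->list)` means the release callback no longer unlinks the device, so any path that reaches the final put without passing through gpiochip_remove() would tear down gdev while its list node is still on the global list. The commit message only covers the unregister path; please state (or add a comment in gpiodev_release()) that every other path dropping the last reference, such as registration error handling, unlinks the entry itself under gpio_devices_lock.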
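
Review bot: In the gpiochip_remove() hunk, the new `scoped_guard(mutex, &gpio_devices_lock)` block lands between the dev_crit() warning and the existing "puts its use of the device to rest" comment with nothing explaining why the unlink belongs here. A short comment saying the device leaves the list at unregistration so that gpio_device_find() cannot return an object whose .release() is pending would keep a later cleanup from moving it back into the release callback. Since this uses list_del() rather than list_del_init(), it is also worth noting that nothing may touch gdev->list after this point.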