[PATCH] regulator: core: avoid memory access after freeing it
From: Laxman Dewangan
Date: Tue Nov 06 2012 - 05:36:22 EST
When regulator_register() failed due to non availability of
supply then it exits through cleanup path. In this case it
checks for supply and if it is valid then unregister the supply.
The change done by Charles Keepax:
regulator: core: Move regulator release to avoid deadlock
puts the release of supply regualtor after device_unregister().
The device_unregister() frees the rdev and hence accessing rdev
member pointer after this calls gives incorrect pointer and cause
the system to crash.
Adding the locked version of regulator_put() as __regulator_put_locked()
so that it can be called in locked context also to avoid the deadlock
to address the above issue.
Signed-off-by: Laxman Dewangan <ldewangan@xxxxxxxxxx>
Cc: Charles Keepax <ckeepax@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
---
drivers/regulator/core.c | 30 ++++++++++++++++++------------
1 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index b4a425a..59280b6 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1382,23 +1382,16 @@ struct regulator *regulator_get_exclusive(struct device *dev, const char *id)
EXPORT_SYMBOL_GPL(regulator_get_exclusive);
/**
- * regulator_put - "free" the regulator source
- * @regulator: regulator source
- *
- * Note: drivers must ensure that all regulator_enable calls made on this
- * regulator source are balanced by regulator_disable calls prior to calling
- * this function.
+ * Locked version of regulator_put
*/
-void regulator_put(struct regulator *regulator)
+static void __regulator_put_locked(struct regulator *regulator)
{
struct regulator_dev *rdev;
if (regulator == NULL || IS_ERR(regulator))
return;
- mutex_lock(®ulator_list_mutex);
rdev = regulator->rdev;
-
debugfs_remove_recursive(regulator->debugfs);
/* remove any sysfs entries */
@@ -1412,6 +1405,20 @@ void regulator_put(struct regulator *regulator)
rdev->exclusive = 0;
module_put(rdev->owner);
+}
+
+/**
+ * regulator_put - "free" the regulator source
+ * @regulator: regulator source
+ *
+ * Note: drivers must ensure that all regulator_enable calls made on this
+ * regulator source are balanced by regulator_disable calls prior to calling
+ * this function.
+ */
+void regulator_put(struct regulator *regulator)
+{
+ mutex_lock(®ulator_list_mutex);
+ __regulator_put_locked(regulator);
mutex_unlock(®ulator_list_mutex);
}
EXPORT_SYMBOL_GPL(regulator_put);
@@ -3453,11 +3460,10 @@ scrub:
gpio_free(rdev->ena_gpio);
kfree(rdev->constraints);
wash:
+ if (rdev->supply)
+ __regulator_put_locked(rdev->supply);
device_unregister(&rdev->dev);
-
mutex_unlock(®ulator_list_mutex);
- if (rdev->supply)
- regulator_put(rdev->supply);
/* device core frees rdev */
rdev = ERR_PTR(ret);
--
1.7.1.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/