From: Takashi Iwai tiwai@suse.de
commit 66482f640755b31cb94371ff6cef17400cda6db5 upstream.
The device_links_purge() function (called from device_del()) tries to remove the links.needs_suppliers list entry, but it's using list_del(), hence it doesn't initialize after the removal. This is OK for normal cases where device_del() is called via device_destroy(). However, it's not guaranteed that the device object will be really deleted soon after device_del(). In a minor case like HD-audio codec reconfiguration that re-initializes the device after device_del(), it may lead to a crash by the corrupted list entry.
As a simple fix, replace list_del() with list_del_init() in order to make the list intact after the device_del() call.
Fixes: e2ae9bcc4aaa ("driver core: Add support for linking devices during device addition") Cc: stable@vger.kernel.org Reviewed-by: Rafael J. Wysocki rafael.j.wysocki@intel.com Signed-off-by: Takashi Iwai tiwai@suse.de Link: https://lore.kernel.org/r/20201208190326.27531-1-tiwai@suse.de Cc: Saravana Kannan saravanak@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/base/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1386,7 +1386,7 @@ static void device_links_purge(struct de return;
mutex_lock(&wfs_lock); - list_del(&dev->links.needs_suppliers); + list_del_init(&dev->links.needs_suppliers); mutex_unlock(&wfs_lock);
/*