Make sure to hold the gpio_lock when removing the gpio device from the gpio_devices list (when dropping the last reference) to avoid corrupting the list when there are concurrent accesses.
Fixes: ff2b13592299 ("gpio: make the gpiochip a real device")
Cc: stable@vger.kernel.org # 4.6
Reviewed-by: Saravana Kannan saravanak@google.com
Signed-off-by: Johan Hovold johan@kernel.org
---
drivers/gpio/gpiolib.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 6e0572515d02..4253837f870b 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -475,8 +475,12 @@ EXPORT_SYMBOL_GPL(gpiochip_line_is_valid); static void gpiodevice_release(struct device *dev) { struct gpio_device *gdev = container_of(dev, struct gpio_device, dev); + unsigned long flags;
+ spin_lock_irqsave(&gpio_lock, flags); list_del(&gdev->list); + spin_unlock_irqrestore(&gpio_lock, flags); + ida_free(&gpio_ida, gdev->id); kfree_const(gdev->label); kfree(gdev->descs);
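Review bot: in gpiodevice_release() the new spin_lock_irqsave()/spin_unlock_irqrestore() pair covers only list_del(&gdev->list), and ida_free(), kfree_const(gdev->label) and kfree(gdev->descs) follow directly after the unlock, so the locking rule this relies on should be written down in a short comment above the list_del(). Since this is the release callback, the entry stays on gpio_devices until the last reference has been dropped, which means a walker holding gpio_lock can still find a gdev whose reference count has already reached zero. The lock keeps the list links consistent, but it does not keep the entry's memory alive once the walker drops it. Please state in the comment or the commit message whether list walkers are expected to finish using the entry before releasing gpio_lock, or how they are meant to obtain a valid reference.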
On Mon, Mar 1, 2021 at 10:05 AM Johan Hovold johan@kernel.org wrote:
Make sure to hold the gpio_lock when removing the gpio device from the gpio_devices list (when dropping the last reference) to avoid corrupting the list when there are concurrent accesses.
Fixes: ff2b13592299 ("gpio: make the gpiochip a real device")
Cc: stable@vger.kernel.org # 4.6
Reviewed-by: Saravana Kannan saravanak@google.com
Signed-off-by: Johan Hovold johan@kernel.org
Excellent fix as well,
Reviewed-by: Linus Walleij linus.walleij@linaro.org
Yours, Linus Walleij
linux-stable-mirror@lists.linaro.org