[PATCH] regulator: core: fix race condition in regulator_put()

From: Ashay Jaiswal
Date: Wed Jan 07 2015 - 08:51:41 EST


The regulator framework maintains a list of consumer regulators
for a regulator device and protects it from concurrent access
using the regulator device's mutex lock.

In the case of regulator_put() the consumer is removed without
holding the regulator device's mutex, resulting in a race condition
between any regulator operation which traverses the consumer list
and regulator_put() which releases the consumer regulator.
Fix this race condition by holding the regulator device's mutex while
removing and releasing the consumer regulator.

Signed-off-by: Ashay Jaiswal <ashayj@xxxxxxxxxxxxxx>
---
drivers/regulator/core.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index c2554d8..3845397 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1498,6 +1498,7 @@ static void _regulator_put(struct regulator *regulator)

rdev = regulator->rdev;

+ mutex_lock(&rdev->mutex);
debugfs_remove_recursive(regulator->debugfs);

/* remove any sysfs entries */
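Review bot: the lock is taken before debugfs_remove_recursive(regulator->debugfs) and the sysfs removal that follows, but the commit message says rdev->mutex protects the consumer list, and neither of these calls touches that list. Either move mutex_lock(&rdev->mutex) down so it brackets only the consumer removal and the rdev field updates, or state in the commit message why debugfs and sysfs teardown must also run under the lock. If the wider scope stays, it is worth confirming that no debugfs or sysfs handler for this consumer takes rdev->mutex, since removal under the lock would then wait on a handler that is itself waiting for the lock.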
@@ -1511,6 +1512,7 @@ static void _regulator_put(struct regulator *regulator)
rdev->exclusive = 0;

module_put(rdev->owner);
+ mutex_unlock(&rdev->mutex);
}

/**
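Review bot: mutex_unlock(&rdev->mutex) comes after module_put(rdev->owner), so rdev is dereferenced after the reference pinning its owner module has been released. Move the unlock above module_put() so the critical section ends right after rdev->exclusive = 0 and nothing touches rdev->mutex once the module reference is gone. The lines between the two hunks are not shown in this patch; please also confirm there is no return path between the new lock and unlock that would leave rdev->mutex held.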
--
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project