Re: [PATCH 01/21] regulator: core: Reduce critical area in _regulator_get

From: Mark Brown
Date: Mon May 25 2015 - 13:46:08 EST


On Mon, May 25, 2015 at 04:53:05PM +0200, Tomeu Vizoso wrote:

> ...by moving the locking to regulator_dev_lookup.

This breaks the locking.

> + mutex_lock(&regulator_list_mutex);
> list_for_each_entry(r, &regulator_list, list)
> - if (strcmp(rdev_get_name(r), supply) == 0)
> + if (strcmp(rdev_get_name(r), supply) == 0) {
> + mutex_unlock(&regulator_list_mutex);
> return r;
> + }
> + mutex_unlock(&regulator_list_mutex);

This means that we hold the lock while we walk the list but then return
a pointer to a regulator device that we don't have a reference to. This
then means that something else can unregister the regulator we're
holding a pointer to which means that it is unsafe to use that pointer.
We need to ensure that any objects we look up via the list remain valid
while we're working with them.

Attachment: signature.asc
Description: Digital signature