Re: [RFC PATCH] spi: fix use-after-free of the add_lock mutex

From: Lukas Wunner
Date: Thu Nov 11 2021 - 00:19:34 EST


On Wed, Nov 10, 2021 at 05:08:36PM +0100, Michael Walle wrote:
> Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on
> SPI buses") introduced a per-controller mutex. But mutex_unlock() of
> said lock is called after the controller is already freed:
>
>   spi_unregister_controller(ctlr)
>    -> put_device(&ctlr->dev)
>      -> spi_controller_release(dev)
>    mutex_unlock(&ctrl->add_lock)
>
> Move the put_device() after the mutex_unlock().
>
> Fixes: 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses")
> Signed-off-by: Michael Walle <michael@xxxxxxxx>

Reviewed-by: Lukas Wunner <lukas@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx # v5.15
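
The ordering problem described in the quoted commit message, as an added userspace model that is not part of the original thread or the kernel source. All names (`model_ctlr`, `model_put`, `model_unlock`, `model_unregister`) are hypothetical, and release is recorded in a flag instead of freeing memory so the stale access can be counted safely. It also covers the case where another reference is still held, which is why the put-before-unlock ordering does not always show up at runtime.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not a kernel API. */
struct model_ctlr {
    int  refcount;    /* stands in for the reference count behind put_device() */
    bool add_locked;  /* stands in for the add_lock mutex embedded in the controller */
    bool released;    /* set by the release step in place of a real free() */
};

static int stale_accesses;  /* unlock operations seen after release */

static void model_put(struct model_ctlr *c)
{
    if (--c->refcount == 0)
        c->released = true;  /* last reference dropped: object memory is gone */
}

static void model_unlock(struct model_ctlr *c)
{
    if (c->released)
        stale_accesses++;    /* in real code this would touch freed memory */
    else
        c->add_locked = false;
}

/* Tail of an unregister path with `refs` references outstanding and the lock held.
 * put_first=true: ordering from the commit message; false: ordering after the fix. */
static int model_unregister(bool put_first, int refs)
{
    struct model_ctlr c = { .refcount = refs, .add_locked = true };
    stale_accesses = 0;
    if (put_first) {
        model_put(&c);
        model_unlock(&c);
    } else {
        model_unlock(&c);
        model_put(&c);
    }
    return stale_accesses;
}

int main(void)
{
    printf("put then unlock, 1 ref:  %d stale\n", model_unregister(true, 1));
    printf("unlock then put, 1 ref:  %d stale\n", model_unregister(false, 1));
    printf("put then unlock, 2 refs: %d stale\n", model_unregister(true, 2));
    return 0;
}
```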