Message ID | 20241209115613.83675-1-krzysztof.kozlowski@linaro.org (mailing list archive) |
---|---|
State | Accepted |
Commit | 7d2cba685419777b8ec5c602f9c42f165af82365 |
Headers | show |
Series | [v3,1/4] soc: qcom: pmic_glink: fix scope of __pmic_glink_lock in pmic_glink_rpmsg_probe() | expand |
diff --git a/drivers/soc/qcom/pmic_glink.c b/drivers/soc/qcom/pmic_glink.c index caf3f63d940e..11e88053cc11 100644 --- a/drivers/soc/qcom/pmic_glink.c +++ b/drivers/soc/qcom/pmic_glink.c @@ -236,10 +236,11 @@ static void pmic_glink_pdr_callback(int state, char *svc_path, void *priv) static int pmic_glink_rpmsg_probe(struct rpmsg_device *rpdev) { - struct pmic_glink *pg = __pmic_glink; + struct pmic_glink *pg; int ret = 0; mutex_lock(&__pmic_glink_lock); + pg = __pmic_glink; if (!pg) { ret = dev_err_probe(&rpdev->dev, -ENODEV, "no pmic_glink device to attach to\n"); goto out_unlock;
File-scope "__pmic_glink_lock" mutex protects the file-scope "__pmic_glink", thus reference to it should be obtained under the lock, just like pmic_glink_rpmsg_remove() is doing. Otherwise we have a race during if PMIC GLINK device removal: the pmic_glink_rpmsg_probe() function could store local reference before mutex in driver removal is acquired. Fixes: 58ef4ece1e41 ("soc: qcom: pmic_glink: Introduce base PMIC GLINK driver") Cc: <stable@vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> --- Changes in v3: 1. None Changes in v2: 1. None --- drivers/soc/qcom/pmic_glink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)