On Wed, May 09, 2018 at 01:56:20PM +0100, Srinivas Kandagatla wrote: > +static struct q6afe_port *afe_find_port(struct q6afe *afe, int token) > +{ > + struct q6afe_port *p = NULL; > + struct q6afe_port *ret = NULL; > + unsigned long flags; > + > + spin_lock_irqsave(&afe->port_list_lock, flags); > + list_for_each_entry(p, &afe->port_list, node) > + if (p->token == token) { > + ret = p; > + break; > + } > + > + spin_unlock_irqrestore(&afe->port_list_lock, flags); > + return ret; This lock only protects the list, it does nothing to ensure that the port we look up is still valid by the time we return to the caller. That means we won't crash during list traversal but does nothing to ensure we won't crash immediately afterwards if the port is deallocated just after we look it up. What stops that happening?
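Review bot: afe_find_port() returns ret after spin_unlock_irqrestore() without taking any reference on the port, so port_list_lock covers only the list walk and the caller can be handed a pointer that is freed right after the unlock. Either take a reference on the matching entry while the lock is still held and have callers drop it when done, or add a comment above the function stating what guarantees the port outlives every caller of this lookup. Minor: the `= NULL` initialiser on p is unnecessary because list_for_each_entry() assigns it, and the multi-line loop body would read better in braces.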
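The lifetime question raised in the reply, as an added userspace example that is not code from the patch or the driver: the lookup takes a reference before the list lock is dropped, so a concurrent removal cannot free the object under the caller. All names here (`struct port`, `port_find_get`, `port_put`, `port_remove`) are hypothetical, and a pthread mutex stands in for the spinlock.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

struct port {                     /* userspace model; names are hypothetical */
    int token;
    atomic_int refs;              /* lifetime, separate from the list lock */
    struct port *next;
};
static pthread_mutex_t list_lock = PTHREAD_MUTEX_INITIALIZER;
static struct port *port_list;

static int port_put(struct port *p)             /* returns 1 when it freed p */
{
    if (atomic_fetch_sub(&p->refs, 1) != 1)
        return 0;                               /* someone still holds a ref */
    free(p);
    return 1;
}
static struct port *port_add(int token)
{
    struct port *p = calloc(1, sizeof(*p));
    if (!p) return NULL;
    p->token = token;
    atomic_init(&p->refs, 1);                   /* reference held by the list */
    pthread_mutex_lock(&list_lock);
    p->next = port_list; port_list = p;
    pthread_mutex_unlock(&list_lock);
    return p;
}
static struct port *port_find_get(int token)    /* ref taken under the lock */
{
    struct port *p;
    pthread_mutex_lock(&list_lock);
    for (p = port_list; p; p = p->next)
        if (p->token == token) { atomic_fetch_add(&p->refs, 1); break; }
    pthread_mutex_unlock(&list_lock);
    return p;
}
static int port_remove(int token)               /* unlink, drop list's ref */
{
    struct port **pp, *p = NULL;
    pthread_mutex_lock(&list_lock);
    for (pp = &port_list; *pp; pp = &(*pp)->next)
        if ((*pp)->token == token) { p = *pp; *pp = p->next; break; }
    pthread_mutex_unlock(&list_lock);
    return p ? port_put(p) : 0;
}
int main(void)
{
    port_add(7);                                /* constructed sample token */
    struct port *p = port_find_get(7);
    int early = port_remove(7);     /* 0: the lookup ref keeps the port alive */
    return (!early && port_put(p) == 1) ? 0 : 1;
}
```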