The regulator framework maintains a list of consumer regulators for a regulator device and protects it from concurrent access using the regulator device's mutex lock. In the case of regulator_put() the consumer is removed without holding the regulator device's mutex, resulting in a race condition between any regulator operation which traverses the consumer list and regulator_put() which releases the consumer regulator. Fix this race condition by holding the regulator device's mutex while removing and releasing the consumer regulator. Signed-off-by: Ashay Jaiswal <ashayj@xxxxxxxxxxxxxx> --- drivers/regulator/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index c2554d8..3845397 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -1498,6 +1498,7 @@ static void _regulator_put(struct regulator *regulator) rdev = regulator->rdev; + mutex_lock(&rdev->mutex); debugfs_remove_recursive(regulator->debugfs); /* remove any sysfs entries */ @@ -1511,6 +1512,7 @@ static void _regulator_put(struct regulator *regulator) rdev->exclusive = 0; module_put(rdev->owner); + mutex_unlock(&rdev->mutex); } /** -- The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project -- To unsubscribe from this list: send the line "unsubscribe linux-arm-msm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
