From 48e1b4d369cfe2729138a128afa6b8a55d093eaf Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski Date: Tue, 2 Jan 2024 16:59:47 +0100 Subject: [PATCH] gpiolib: remove the GPIO device from the list when it's unregistered If we wait until the GPIO device's .release() callback gets invoked before we remove it from the global device list, then we risk that someone will look it up using gpio_device_find() between where we dropped the last reference and before .release() is done taking a reference again to an object that's being released. The device must be removed when it's being unregistered - just like how we remove it from the GPIO bus. Fixes: ff2b13592299 ("gpio: make the gpiochip a real device") Signed-off-by: Bartosz Golaszewski Reviewed-by: Linus Walleij --- drivers/gpio/gpiolib.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index e21497b989a1..e019c4243809 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -651,9 +651,6 @@ static void gpiodev_release(struct device *dev) { struct gpio_device *gdev = to_gpio_device(dev); - scoped_guard(mutex, &gpio_devices_lock) - list_del(&gdev->list); - ida_free(&gpio_ida, gdev->id); kfree_const(gdev->label); kfree(gdev->descs); @@ -1068,6 +1065,9 @@ void gpiochip_remove(struct gpio_chip *gc) dev_crit(&gdev->dev, "REMOVING GPIOCHIP WITH GPIOS STILL REQUESTED\n"); + scoped_guard(mutex, &gpio_devices_lock) + list_del(&gdev->list); + /* * The gpiochip side puts its use of the device to rest here: * if there are no userspace clients, the chardev and device will -- 2.39.5