gpiolib: remove the GPIO device from the list when it's unregistered

If we wait until the GPIO device's .release() callback gets invoked before we remove it from the global device list, then we risk that someone will look it up using gpio_device_find() between where we dropped the last reference and before .release() is done taking a reference again to an object that's being released. The device must be removed when it's being unregistered - just like how we remove it from the GPIO bus. Fixes: ff2b135922 ("gpio: make the gpiochip a real device") Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
2024-11-29 15:41:36 +00:00 · 2024-01-02 16:59:47 +01:00 · 2024-01-02 16:59:47 +01:00 · 48e1b4d369
commit 48e1b4d369
parent c4f8457d17
1 changed files with 3 additions and 3 deletions
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@ -651,9 +651,6 @@ static void gpiodev_release(struct device *dev)
 {
 	struct gpio_device *gdev = to_gpio_device(dev);

-	scoped_guard(mutex, &gpio_devices_lock)
-		list_del(&gdev->list);
-
 	ida_free(&gpio_ida, gdev->id);
 	kfree_const(gdev->label);
 	kfree(gdev->descs);
@ -1068,6 +1065,9 @@ void gpiochip_remove(struct gpio_chip *gc)
 		dev_crit(&gdev->dev,
 			 "REMOVING GPIOCHIP WITH GPIOS STILL REQUESTED\n");

+	scoped_guard(mutex, &gpio_devices_lock)
+		list_del(&gdev->list);
+
 	/*
 	 * The gpiochip side puts its use of the device to rest here:
 	 * if there are no userspace clients, the chardev and device will