spi: spidev: Hold spi_lock over all defererences of spi in release()
authorMark Brown <broonie@kernel.org>
Mon, 16 Nov 2015 13:57:37 +0000 (13:57 +0000)
committerMark Brown <broonie@kernel.org>
Wed, 16 Dec 2015 12:09:35 +0000 (12:09 +0000)
We use the spi_lock spinlock to protect against races between the device
being removed and file operations on the spidev.  This means that in the
removal path all references to the device need to be done under lock as
in removal we dropping references to the device.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
drivers/spi/spidev.c

index 91a0fcd72423080900c6c733f6aeb7e800a85538..d0e7dfc647cf21a729696cbe499f7fc6dbf53b02 100644 (file)
@@ -651,11 +651,11 @@ static int spidev_release(struct inode *inode, struct file *filp)
                kfree(spidev->rx_buffer);
                spidev->rx_buffer = NULL;
 
+               spin_lock_irq(&spidev->spi_lock);
                if (spidev->spi)
                        spidev->speed_hz = spidev->spi->max_speed_hz;
 
                /* ... after we unbound from the underlying device? */
-               spin_lock_irq(&spidev->spi_lock);
                dofree = (spidev->spi == NULL);
                spin_unlock_irq(&spidev->spi_lock);