From eb049d3777ce6e50ae830a41f9308c270cb26858 Mon Sep 17 00:00:00 2001 From: Pavel Kubelun Date: Mon, 28 Nov 2016 15:21:42 +0300 Subject: net: ar8216: hold ar8xxx_dev_list_lock during use_count-- Import from https://chromium.googlesource.com/chromiumos/third_party/kernel/+/c3fd96a7b87da23979d8569ce45447f8419ca303%5E%21/#F0 Signed-off-by: Pavel Kubelun CHROMIUM: drivers: ar8216: hold ar8xxx_dev_list_lock during use_count-- It is possible for the remove() callback to run twice in parallel, which could result into --use_count returning only 1 in both cases and the rest of the unregistration path to never be reached. This case has never been observed in practice, but we will fix preventively to make the code more robust. BUG=chrome-os-partner:33096 TEST=none Change-Id: If09abe27fdb2037f514f8674418bafaab3cbdef6 Signed-off-by: Mathieu Olivari Reviewed-on: https://chromium-review.googlesource.com/232870 Reviewed-by: Matthias Kaehlcke Reviewed-by: Toshi Kikuchi Tested-by: Toshi Kikuchi --- target/linux/generic/files/drivers/net/phy/ar8216.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'target/linux/generic/files') diff --git a/target/linux/generic/files/drivers/net/phy/ar8216.c b/target/linux/generic/files/drivers/net/phy/ar8216.c index 7398d7e273..d575043629 100644 --- a/target/linux/generic/files/drivers/net/phy/ar8216.c +++ b/target/linux/generic/files/drivers/net/phy/ar8216.c @@ -2241,10 +2241,14 @@ ar8xxx_phy_remove(struct phy_device *phydev) return; phydev->priv = NULL; - if (--priv->use_count > 0) - return; mutex_lock(&ar8xxx_dev_list_lock); + + if (--priv->use_count > 0) { + mutex_unlock(&ar8xxx_dev_list_lock); + return; + } + list_del(&priv->list); mutex_unlock(&ar8xxx_dev_list_lock); @@ -2294,4 +2298,3 @@ ar8xxx_exit(void) module_init(ar8xxx_init); module_exit(ar8xxx_exit); MODULE_LICENSE("GPL"); - -- cgit v1.2.3