PM / devfreq: missing rcu_read_lock() added for find_device_opp()

opp_get_notifier() uses find_device_opp(), which requires to
held rcu_read_lock. In order to keep the notifier-header
valid, we have added rcu_read_lock().

Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>

diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
index 45e053e..1a78ad9 100644 (file)
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -1023,11 +1023,18 @@ struct opp *devfreq_recommended_opp(struct device *dev, unsigned long *freq,
  */
 int devfreq_register_opp_notifier(struct device *dev, struct devfreq *devfreq)
 {
-       struct srcu_notifier_head *nh = opp_get_notifier(dev);
+       struct srcu_notifier_head *nh;
+       int ret = 0;
 
+       rcu_read_lock();
+       nh = opp_get_notifier(dev);
        if (IS_ERR(nh))
-               return PTR_ERR(nh);
-       return srcu_notifier_chain_register(nh, &devfreq->nb);
+               ret = PTR_ERR(nh);
+       rcu_read_unlock();
+       if (!ret)
+               ret = srcu_notifier_chain_register(nh, &devfreq->nb);
+
+       return ret;
 }
 
 /**
@@ -1042,11 +1049,18 @@ int devfreq_register_opp_notifier(struct device *dev, struct devfreq *devfreq)
  */
 int devfreq_unregister_opp_notifier(struct device *dev, struct devfreq *devfreq)
 {
-       struct srcu_notifier_head *nh = opp_get_notifier(dev);
+       struct srcu_notifier_head *nh;
+       int ret = 0;
 
+       rcu_read_lock();
+       nh = opp_get_notifier(dev);
        if (IS_ERR(nh))
-               return PTR_ERR(nh);
-       return srcu_notifier_chain_unregister(nh, &devfreq->nb);
+               ret = PTR_ERR(nh);
+       rcu_read_unlock();
+       if (!ret)
+               ret = srcu_notifier_chain_unregister(nh, &devfreq->nb);
+
+       return ret;
 }
 
 MODULE_AUTHOR("MyungJoo Ham <myungjoo.ham@samsung.com>");