Unverified Commit 4b58aac9 authored Jan 09, 2026 by Cheng-Yu Lee Committed by Mark Brown Jan 12, 2026

regmap: Fix race condition in hwspinlock irqsave routine



Previously, the address of the shared member '&map->spinlock_flags' was
passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race
condition where multiple contexts contending for the lock could overwrite
the shared flags variable, potentially corrupting the state for the
current lock owner.

Fix this by using a local stack variable 'flags' to store the IRQ state
temporarily.

Fixes: 8698b936 ("regmap: Add hardware spinlock support")
Signed-off-by: Cheng-Yu Lee <cylee12@realtek.com>
Co-developed-by: Yu-Chun Lin <eleanor.lin@realtek.com>
Signed-off-by: Yu-Chun Lin <eleanor.lin@realtek.com>
Link: https://patch.msgid.link/20260109032633.8732-1-eleanor.lin@realtek.com


Signed-off-by: Mark Brown <broonie@kernel.org>

parent f3f380ce

drivers/base/regmap/regmap.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -408,9 +408,11 @@ static void regmap_lock_hwlock_irq(void *__map)
		static void regmap_lock_hwlock_irqsave(void *__map)
		{
		struct regmap *map = __map;
		unsigned long flags = 0;

		hwspin_lock_timeout_irqsave(map->hwlock, UINT_MAX,
		&map->spinlock_flags);
		&flags);
		map->spinlock_flags = flags;
		}

		static void regmap_unlock_hwlock(void *__map)