PM / devfreq: stopping the governor before device_unregister()

device_release() is freeing the resources before calling the device
specific release callback which is, in the case of devfreq, stopping
the governor.

It is a problem as some governors are using the device resources. e.g.
simpleondemand which is using the devfreq deferrable monitoring work. If it
is not stopped before the resources are freed, it might lead to a use after
free.

Signed-off-by: Vincent Donnefort <vincent.donnefort@arm.com>
Reviewed-by: John Einar Reitan <john.reitan@arm.com>
[cw00.choi: Fix merge conflict]
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>

diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
index b5e7af60723c483721e6a81d1a7c54fbd73ee376..1868423355d95f3ed79e22b31248bf1666486f5f 100644 (file)
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -575,10 +575,6 @@ static void devfreq_dev_release(struct device *dev)
        list_del(&devfreq->node);
        mutex_unlock(&devfreq_list_lock);
 
-       if (devfreq->governor)
-               devfreq->governor->event_handler(devfreq,
-                                                DEVFREQ_GOV_STOP, NULL);
-
        if (devfreq->profile->exit)
                devfreq->profile->exit(devfreq->dev.parent);
 
@@ -714,7 +710,7 @@ struct devfreq *devfreq_add_device(struct device *dev,
 err_init:
        mutex_unlock(&devfreq_list_lock);
 
-       device_unregister(&devfreq->dev);
+       devfreq_remove_device(devfreq);
        devfreq = NULL;
 err_dev:
        if (devfreq)
@@ -735,6 +731,9 @@ int devfreq_remove_device(struct devfreq *devfreq)
        if (!devfreq)
                return -EINVAL;
 
+       if (devfreq->governor)
+               devfreq->governor->event_handler(devfreq,
+                                                DEVFREQ_GOV_STOP, NULL);
        device_unregister(&devfreq->dev);
 
        return 0;