regulator: core: fix NULL dereference on unbind due to stale coupling data

Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed post-unbind. This can happen during runtime PM or other regulator operations that rely on coupling metadata. For example, on ridesx4, unbinding the 'reg-dummy' platform device triggers a panic in regulator_lock_recursive() due to stale coupling state. Ensure n_coupled is set to 0 to prevent access to invalid pointers. Signed-off-by: Alessandro Carminati <acarmina@redhat.com> Link: https://patch.msgid.link/20250626083809.314842-1-acarmina@redhat.com Signed-off-by: Mark Brown <broonie@kernel.org>
author: Alessandro Carminati <acarmina@redhat.com> 2025-06-26 08:38:09 +0000
committer: Mark Brown <broonie@kernel.org> 2025-06-29 22:10:41 +0100
commit: ca46946a482238b0cdea459fb82fc837fb36260e (patch)
tree: 6a54fff050b9c12c96e38b9d7d3b700843c8861e
parent: d0b3b7b22dfa1f4b515fd3a295b3fd958f9e81af (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 7a248dc8d2e2..cbd6d53ebfb5 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5639,6 +5639,7 @@ static void regulator_remove_coupling(struct regulator_dev *rdev)
 				 ERR_PTR(err));
 	}
 
+	rdev->coupling_desc.n_coupled = 0;
 	kfree(rdev->coupling_desc.coupled_rdevs);
 	rdev->coupling_desc.coupled_rdevs = NULL;
 }
author	Alessandro Carminati <acarmina@redhat.com>	2025-06-26 08:38:09 +0000
committer	Mark Brown <broonie@kernel.org>	2025-06-29 22:10:41 +0100
commit	ca46946a482238b0cdea459fb82fc837fb36260e (patch)
tree	6a54fff050b9c12c96e38b9d7d3b700843c8861e
parent	d0b3b7b22dfa1f4b515fd3a295b3fd958f9e81af (diff)