ACPI: battery: Fix possible crash when unregistering a battery hook

When a battery hook returns an error when adding a new battery, then
the battery hook is automatically unregistered.
However the battery hook provider cannot know that, so it will later
call battery_hook_unregister() on the already unregistered battery
hook, resulting in a crash.

Fix this by using the list head to mark already unregistered battery
hooks as already being unregistered so that they can be ignored by
battery_hook_unregister().

Fixes: fa93854f7a7e ("battery: Add the battery hooking API")
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
index dda59ee5a11e155f555eb7571b452c13d4e5ee48..1c45ff6dbb83e0a2c0b0c8fda9de6878c33b99d4 100644 (file)
--- a/drivers/acpi/battery.c
+++ b/drivers/acpi/battery.c
@@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook)
                if (!hook->remove_battery(battery->bat, hook))
                        power_supply_changed(battery->bat);
        }
-       list_del(&hook->list);
+       list_del_init(&hook->list);
 
        pr_info("extension unregistered: %s\n", hook->name);
 }
@@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook)
 void battery_hook_unregister(struct acpi_battery_hook *hook)
 {
        mutex_lock(&hook_mutex);
-       battery_hook_unregister_unlocked(hook);
+       /*
+        * Ignore already unregistered battery hooks. This might happen
+        * if a battery hook was previously unloaded due to an error when
+        * adding a new battery.
+        */
+       if (!list_empty(&hook->list))
+               battery_hook_unregister_unlocked(hook);
+
        mutex_unlock(&hook_mutex);
 }
 EXPORT_SYMBOL_GPL(battery_hook_unregister);
@@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook)
        struct acpi_battery *battery;
 
        mutex_lock(&hook_mutex);
-       INIT_LIST_HEAD(&hook->list);
        list_add(&hook->list, &battery_hook_list);
        /*
         * Now that the driver is registered, we need