The device becomes visible to userspace via device_register()
even before it fully initialized by idr_init(). If userspace
or another thread tries to register a zone immediately after
device_register(), the control_type_valid() will fail because
the control_type is not yet in the list. The IDR is not yet
initialized, so this race condition causes zone registration
failure.

Move idr_init() and list addition before device_register()
fix the race condition.

Signed-off-by: Sumeet Pawnikar <sumeet4linux@gmail.com>
---
 drivers/powercap/powercap_sys.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c
index 4112a0097338..bdc65e040d17 100644
--- a/drivers/powercap/powercap_sys.c
+++ b/drivers/powercap/powercap_sys.c
@@ -625,17 +625,22 @@ struct powercap_control_type *powercap_register_control_type(
 	INIT_LIST_HEAD(&control_type->node);
 	control_type->dev.class = &powercap_class;
 	dev_set_name(&control_type->dev, "%s", name);
-	result = device_register(&control_type->dev);
-	if (result) {
-		put_device(&control_type->dev);
-		return ERR_PTR(result);
-	}
 	idr_init(&control_type->idr);
 
 	mutex_lock(&powercap_cntrl_list_lock);
 	list_add_tail(&control_type->node, &powercap_cntrl_list);
 	mutex_unlock(&powercap_cntrl_list_lock);
 
+	result = device_register(&control_type->dev);
+	if (result) {
+		mutex_lock(&powercap_cntrl_list_lock);
+		list_del(&control_type->node);
+		mutex_unlock(&powercap_cntrl_list_lock);
+		idr_destroy(&control_type->idr);
+		put_device(&control_type->dev);
+		return ERR_PTR(result);
+	}
+
 	return control_type;
 }
 EXPORT_SYMBOL_GPL(powercap_register_control_type);
-- 
2.43.0

On Fri, Dec 5, 2025 at 8:02 PM Sumeet Pawnikar <sumeet4linux@gmail.com> wrote:
>
> The device becomes visible to userspace via device_register()
> even before it fully initialized by idr_init(). If userspace
> or another thread tries to register a zone immediately after
> device_register(), the control_type_valid() will fail because
> the control_type is not yet in the list. The IDR is not yet
> initialized, so this race condition causes zone registration
> failure.
>
> Move idr_init() and list addition before device_register()
> fix the race condition.
>
> Signed-off-by: Sumeet Pawnikar <sumeet4linux@gmail.com>
> ---
>  drivers/powercap/powercap_sys.c | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c
> index 4112a0097338..bdc65e040d17 100644
> --- a/drivers/powercap/powercap_sys.c
> +++ b/drivers/powercap/powercap_sys.c
> @@ -625,17 +625,22 @@ struct powercap_control_type *powercap_register_control_type(
>         INIT_LIST_HEAD(&control_type->node);
>         control_type->dev.class = &powercap_class;
>         dev_set_name(&control_type->dev, "%s", name);
> -       result = device_register(&control_type->dev);
> -       if (result) {
> -               put_device(&control_type->dev);
> -               return ERR_PTR(result);
> -       }
>         idr_init(&control_type->idr);
>
>         mutex_lock(&powercap_cntrl_list_lock);
>         list_add_tail(&control_type->node, &powercap_cntrl_list);
>         mutex_unlock(&powercap_cntrl_list_lock);
>
> +       result = device_register(&control_type->dev);
> +       if (result) {
> +               mutex_lock(&powercap_cntrl_list_lock);
> +               list_del(&control_type->node);
> +               mutex_unlock(&powercap_cntrl_list_lock);
> +               idr_destroy(&control_type->idr);
> +               put_device(&control_type->dev);
> +               return ERR_PTR(result);
> +       }
> +
>         return control_type;
>  }
>  EXPORT_SYMBOL_GPL(powercap_register_control_type);
> --

Applied as 6.19-rc material, thanks!