On 01/21/2015 06:59 AM, varkabhadram@xxxxxxxxx wrote:
[...]
void inv_mpu6050_remove_trigger(struct inv_mpu6050_state *st)
{
iio_trigger_unregister(st->trig);
- free_irq(st->client->irq, st->trig);
iio_trigger_free(st->trig);
You are changing the relative order between free_irq() and
iio_trigger_free() here and by doing so introduce a use-after-free race
condition. The IRQ handler uses the trigger, so the IRQ has to be released
before the trigger is freed.
This can be easily fixed though by changing the order of patch 1 and patch 2
in this series.
--
To unsubscribe from this list: send the line "unsubscribe linux-iio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
