On Wed, Jan 21, 2015 at 3:49 PM, Lars-Peter Clausen <lars@xxxxxxxxxx> wrote:
> On 01/21/2015 06:59 AM, varkabhadram@xxxxxxxxx wrote:
> [...]
>>
>> void inv_mpu6050_remove_trigger(struct inv_mpu6050_state *st)
>> {
>> iio_trigger_unregister(st->trig);
>> - free_irq(st->client->irq, st->trig);
>> iio_trigger_free(st->trig);
>
>
> You are changing the relative order between free_irq() and
> iio_trigger_free() here and by doing so introduce a use-after-free race
> condition. The IRQ handler uses the trigger, so the IRQ has to be released
> before the trigger is freed.
>
> This can be easily fixed though by changing the order of patch 1 and patch 2
> in this series.
It does not make any difference if we take this patch series...?
>
>
>
--
Thanks and Regards,
Varka Bhadram.
--
To unsubscribe from this list: send the line "unsubscribe linux-iio" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
