On 21 January 2015 11:14:11 GMT+00:00, Varka Bhadram <varkabhadram@xxxxxxxxx> wrote:
> On Wed, Jan 21, 2015 at 3:49 PM, Lars-Peter Clausen <lars@xxxxxxxxxx> wrote:
>> On 01/21/2015 06:59 AM, varkabhadram@xxxxxxxxx wrote:
>> [...]
>>>
>>> void inv_mpu6050_remove_trigger(struct inv_mpu6050_state *st)
>>> {
>>> iio_trigger_unregister(st->trig);
>>> - free_irq(st->client->irq, st->trig);
>>> iio_trigger_free(st->trig);
>>
>> You are changing the relative order between free_irq() and
>> iio_trigger_free() here and by doing so introduce a use-after-free race
>> condition. The IRQ handler uses the trigger, so the IRQ has to be released
>> before the trigger is freed.
>>
>> This can be easily fixed though by changing the order of patch 1 and patch 2
>> in this series.
>
> It does not make any difference if we take this patch series...?

Bad practice to introduce a bug even if for only one patch... It made Lars review two changes together when they were separable.

I'd prefer them reordered but will probably cope if not!

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
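
Review bot: In inv_mpu6050_remove_trigger(), once the explicit free_irq(st->client->irq, st->trig) is dropped, nothing visible in this hunk releases the IRQ before iio_trigger_free(st->trig), yet the IRQ is tied to st->trig as its dev_id, so a late interrupt would hand the handler a freed trigger. Keep the free_irq() call in this patch until the trigger's lifetime is managed the same way, or put the trigger conversion first in the series so the release order stays IRQ first, trigger second. A short comment in the function stating that ordering requirement would also help the next person who touches the teardown path.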