On Wed, Jan 21, 2015 at 10:55 PM, Jonathan Cameron <jic23@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
>
> On 21 January 2015 11:14:11 GMT+00:00, Varka Bhadram <varkabhadram@xxxxxxxxx> wrote:
>>On Wed, Jan 21, 2015 at 3:49 PM, Lars-Peter Clausen <lars@xxxxxxxxxx> wrote:
>>> On 01/21/2015 06:59 AM, varkabhadram@xxxxxxxxx wrote:
>>> [...]
>>>>
>>>> void inv_mpu6050_remove_trigger(struct inv_mpu6050_state *st)
>>>> {
>>>> iio_trigger_unregister(st->trig);
>>>> - free_irq(st->client->irq, st->trig);
>>>> iio_trigger_free(st->trig);
>>>
>>>
>>> You are changing the relative order between free_irq() and
>>> iio_trigger_free() here and by doing so introduce a use-after-free race
>>> condition. The IRQ handler uses the trigger, so the IRQ has to be released
>>> before the trigger is freed.
>>>
>>> This can be easily fixed though by changing the order of patch 1 and patch 2
>>> in this series.
>>
>>It does not make any difference if we take this patch series...?
>>>
>>>
>>>
> Bad practice to introduce a bug even if for only one patch... It made Lars review
> two changes together when they were separable.
>
> I'd prefer them reordered but will probably cope if not!

I will resend by reordering the patches...

--
Thanks and Regards,
Varka Bhadram.
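
Review bot: in inv_mpu6050_remove_trigger(), dropping the free_irq(st->client->irq, st->trig) line leaves nothing in this function that releases the IRQ before iio_trigger_free(st->trig) runs, yet st->trig is the dev_id cookie that was handed to the interrupt handler. If the IRQ is now released by something that runs after this function returns (the excerpt does not show what replaces the explicit call), an interrupt arriving in that window is dispatched with a pointer to an already freed trigger. Either keep the explicit free_irq() ahead of iio_trigger_free() in this patch, or order the series so that the trigger's lifetime is extended before this line is removed, so that no intermediate commit has the handler outliving the object it dereferences; that also keeps every commit in the series safe to land on during a bisect.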