Hello:
This patch was applied to chrome-platform/linux.git (for-next)
by Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx>:
On Tue, 29 Aug 2023 11:06:22 +0800 you wrote:
> cros_ec_sensors_push_data() reads `indio_dev->active_scan_mask` and
> calls iio_push_to_buffers_with_timestamp() without making sure the
> `indio_dev` stays in buffer mode. There is a race if `indio_dev` exits
> buffer mode right before cros_ec_sensors_push_data() accesses them.
>
> An use-after-free on `indio_dev->active_scan_mask` was observed. The
> call trace:
> [...]
> _find_next_bit
> cros_ec_sensors_push_data
> cros_ec_sensorhub_event
> blocking_notifier_call_chain
> cros_ec_irq_thread
>
> [...]
Here is the summary with links:
- [v2] iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data()
https://git.kernel.org/chrome-platform/c/7771c8c80d62
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
