> Subject: [PATCH 1/2] watchdog: core: fix null pointer dereference when releasing cdev
>
> watchdog_stop() calls watchdog_update_worker() which needs a valid
> wdd->wd_data pointer. So, when unregistering the cdev, clear the
> pointers after we call watchdog_stop(), not before.
>
> Fixes: bb292ac1c602 ("watchdog: Introduce watchdog_stop_on_unregister helper")
> Signed-off-by: Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx>
Reviewed-by: Fabrizio Castro <fabrizio.castro@xxxxxxxxxxxxxx>
> ---
> drivers/watchdog/watchdog_dev.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
> index ffbdc4642ea5..f6c24b22b37c 100644
> --- a/drivers/watchdog/watchdog_dev.c
> +++ b/drivers/watchdog/watchdog_dev.c
> @@ -1019,16 +1019,16 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
> old_wd_data = NULL;
> }
>
> -mutex_lock(&wd_data->lock);
> -wd_data->wdd = NULL;
> -wdd->wd_data = NULL;
> -mutex_unlock(&wd_data->lock);
> -
> if (watchdog_active(wdd) &&
> test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) {
> watchdog_stop(wdd);
> }
>
> +mutex_lock(&wd_data->lock);
> +wd_data->wdd = NULL;
> +wdd->wd_data = NULL;
> +mutex_unlock(&wd_data->lock);
> +
> hrtimer_cancel(&wd_data->timer);
> kthread_cancel_work_sync(&wd_data->work);
>
> --
> 2.11.0
Renesas Electronics Europe Ltd, Dukes Meadow, Millboard Road, Bourne End, Buckinghamshire, SL8 5FH, UK. Registered in England & Wales under Registered No. 04586709.
