Re: [PATCH] drivers/iio/adc/at91_adc.c: use devm_ functions

From: Lars-Peter Clausen
Date: Tue Jul 31 2012 - 08:32:23 EST

Next message: Shilimkar, Santosh: "Re: [GPIO] Crashed when not using"
Previous message: Hillf Danton: "Re: [RFC patch] vm: clear swap entry before copying pte"
In reply to: Julia Lawall: "[PATCH] drivers/iio/adc/at91_adc.c: use devm_ functions"
Next in thread: Julia Lawall: "Re: [PATCH] drivers/iio/adc/at91_adc.c: use devm_ functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On 07/31/2012 12:09 PM, Julia Lawall wrote:
> From: Julia Lawall <Julia.Lawall@xxxxxxx>
> @@ -720,20 +698,14 @@ error_ret:
> static int __devexit at91_adc_remove(struct platform_device *pdev)
> {
> struct iio_dev *idev = platform_get_drvdata(pdev);
> - struct resource *res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> struct at91_adc_state *st = iio_priv(idev);
>
> iio_device_unregister(idev);
> [...]
> - free_irq(st->irq, idev);
> [...]
> iio_device_free(idev);

I think we have to be careful here. The interrupted is now freed after the
device has been freed, which means that it could trigger after the device
has been freed. And since we use the device in the interrupt handler we'll
get a use after free.

- Lars
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Shilimkar, Santosh: "Re: [GPIO] Crashed when not using"
Previous message: Hillf Danton: "Re: [RFC patch] vm: clear swap entry before copying pte"
In reply to: Julia Lawall: "[PATCH] drivers/iio/adc/at91_adc.c: use devm_ functions"
Next in thread: Julia Lawall: "Re: [PATCH] drivers/iio/adc/at91_adc.c: use devm_ functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]