Re: [PATCH] auxdisplay: ht16k33: fix potential user-after-free on module unload

From: Sven Van Asbroeck
Date: Sun Feb 10 2019 - 17:05:55 EST

Next message: Callum Sinclair: "[PATCH net-next] ipmr: ip6mr: Create new sockopt to clear mfc cache or vifs"
Previous message: Thomas Gleixner: "Re: [PATCH V3 1/3] x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available"
In reply to: Dmitry Torokhov: "Re: [PATCH] auxdisplay: ht16k33: fix potential user-after-free on module unload"
Next in thread: Robin van der Gracht: "Re: [PATCH] auxdisplay: ht16k33: fix potential user-after-free on module unload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Feb 8, 2019 at 7:15 PM Miguel Ojeda
<miguel.ojeda.sandonis@xxxxxxxxx> wrote:
>
> On module unload/remove, we need to ensure that work does not run
> after we have freed resources. Concretely, cancel_delayed_work()
> may return while the callback function is still running.
>
> From kernel/workqueue.c:
>
> The work callback function may still be running on return,
> unless it returns true and the work doesn't re-arm itself.
> Explicitly flush or use cancel_delayed_work_sync() to wait on it.
>
> Link: https://lore.kernel.org/lkml/20190204220952.30761-1-TheSven73@xxxxxxxxxxxxxx/
> Reported-by: Sven Van Asbroeck <thesven73@xxxxxxxxx>
> Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@xxxxxxxxx>

Yes, this should do the trick.

Reviewed-by: Sven Van Asbroeck <TheSven73@xxxxxxxxx>

Next message: Callum Sinclair: "[PATCH net-next] ipmr: ip6mr: Create new sockopt to clear mfc cache or vifs"
Previous message: Thomas Gleixner: "Re: [PATCH V3 1/3] x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available"
In reply to: Dmitry Torokhov: "Re: [PATCH] auxdisplay: ht16k33: fix potential user-after-free on module unload"
Next in thread: Robin van der Gracht: "Re: [PATCH] auxdisplay: ht16k33: fix potential user-after-free on module unload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]