Re: [PATCH -next] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()

From: Sebastian Reichel
Date: Thu Apr 08 2021 - 08:39:19 EST

Next message: DENG Qingfang: "[RFC v3 net-next 0/4] MT7530 interrupt support"
Previous message: Sebastian Reichel: "Re: [PATCH -next] power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Wed, Apr 07, 2021 at 01:15:11PM +0200, Krzysztof Kozlowski wrote:
> On 07/04/2021 11:19, Yang Yingliang wrote:
> > This driver's remove path calls cancel_delayed_work(). However, that
> > function does not wait until the work function finishes. This means
> > that the callback function may still be running after the driver's
> > remove function has finished, which would result in a use-after-free.
> >
> > Fix by calling cancel_delayed_work_sync(), which ensures that
> > the work is properly cancelled, no longer running, and unable
> > to re-schedule itself.
> >
> > Reported-by: Hulk Robot <hulkci@xxxxxxxxxx>
> > Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
> > ---
> > drivers/power/supply/s3c_adc_battery.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
>
> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxxxxx>

Thanks,

queued.

-- Sebastian

Attachment: signature.asc
Description: PGP signature

Next message: DENG Qingfang: "[RFC v3 net-next 0/4] MT7530 interrupt support"
Previous message: Sebastian Reichel: "Re: [PATCH -next] power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]