Re: [PATCH v2] iio: core: fix ioctl handlers removal

From: Jonathan Cameron
Date: Sat Apr 24 2021 - 06:52:19 EST


On Fri, 23 Apr 2021 10:02:44 +0200
Tomasz Duszynski <tomasz.duszynski@xxxxxxxxxxx> wrote:

> Currently ioctl handlers are removed twice. For the first time during
> iio_device_unregister() then later on inside
> iio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask().
> Double free leads to kernel panic.
>
> Fix this by not touching ioctl handlers list directly but rather
> letting code responsible for registration call the matching cleanup
> routine itself.
>
> Fixes: 8dedcc3eee3ac ("iio: core: centralize ioctl() calls to the main chardev")
> Signed-off-by: Tomasz Duszynski <tomasz.duszynski@xxxxxxxxxxx>
> Acked-by: Alexandru Ardelean <ardeleanalex@xxxxxxxxx>

There are a bunch of unused local variables as a result of this change
(build warnings on my standard W=1 C=1 test). I've dropped those as well and
applied this to the fixes-togreg branch of iio.git.

We are a bit unfortunate on timing for this as I won't send a pull request
for fixes until towards the end of the merge window. I've marked it for stable
though, so it should filter back fairly quickly to kernels people actually
use.

Thanks,

Jonathan

> ---
> v2:
> * add fixes tag and ack
>
> drivers/iio/industrialio-core.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
> index d92c58a94fe4..98944cfc7331 100644
> --- a/drivers/iio/industrialio-core.c
> +++ b/drivers/iio/industrialio-core.c
> @@ -1939,9 +1939,6 @@ void iio_device_unregister(struct iio_dev *indio_dev)
>
> indio_dev->info = NULL;
>
> - list_for_each_entry_safe(h, t, &iio_dev_opaque->ioctl_handlers, entry)
> - list_del(&h->entry);
> -
> iio_device_wakeup_eventset(indio_dev);
> iio_buffer_wakeup_poll(indio_dev);
>
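Review bot: in iio_device_unregister(), the deleted list_for_each_entry_safe() loop is the only use of `h` and `t` visible in this hunk, and the diffstat (3 deletions) shows their declarations stay behind, so the function will now build with unused-variable warnings. Drop the `h` and `t` declarations in the same patch, and `iio_dev_opaque` as well if nothing else in the function reads it. The commit message would also be more precise if it described the failure as list_del() running twice on the same entries rather than a "double free", since the removed lines unlink entries and do not free anything.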
> --
> 2.31.1
>