Re: [PATCH] thermal: core: fix use-after-free due to init/cancel delayed_work race

Next message: Milan Mi&#x161;i&#x107;: "Re: [PATCH] iio: imu: st_lsm6dsx: Add ACPI ID for SHIFT13mi gyroscope"
Previous message: Patrice CHOTARD: "Re: [PATCH v5 4/6] ARM: dts: stm32: Add boot phase tags for STMicroelectronics mp13 boards"
In reply to: Mauricio Faria de Oliveira: "Re: [PATCH] thermal: core: fix use-after-free due to init/cancel delayed_work race"
Next in thread: Mauricio Faria de Oliveira: "Re: [PATCH] thermal: core: fix use-after-free due to init/cancel delayed_work race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mauricio Faria de Oliveira

Date: Wed Mar 25 2026 - 10:37:46 EST

On 2026-03-25 11:17, Mauricio Faria de Oliveira wrote:
> Thanks for looking into this.
>
> On 2026-03-25 09:47, Rafael J. Wysocki wrote:
>> I can see the one between thermal_zone_device_unregister() and
>> thermal_zone_device_resume(), but that can be addressed by adding a
>> TZ_STATE_FLAG_EXIT check to the latter AFAICS.
>

Please disregard this paragraph; I incorrectly read/wrote _resume()
as thermal_zone_pm_complete() discussed above. The rest should be
right. I'll review this and get back shortly.

> In the example describe above and detailed below, apparently that
> is not sufficient, if I'm not missing anything. See, if _resume()
> is reached with thermal_list_lock held, thermal_zone_device_exit()
> is waiting for thermal_list_lock before setting TZ_STATE_FLAG_EXIT,
> thus a check for it in _resume() would find it clear yet.

--
Mauricio