Re: [patch 00/16] timers: Plug debugobject leaks and use del_timer_sync() in exit/teardown

From: Thomas Gleixner
Date: Mon Mar 24 2014 - 05:04:10 EST

Next message: Thomas Gleixner: "Re: [PATCH v2] hrtimers: calculate expires_next after all timers are executed"
Previous message: Nicolas Ferre: "Re: [PATCH 00/15] iio: adc: at91 cleanups and atmel_tsadcc removal"
In reply to: Julia Lawall: "Re: [patch 00/16] timers: Plug debugobject leaks and use del_timer_sync() in exit/teardown"
Next in thread: Thomas Gleixner: "Re: [patch 00/16] timers: Plug debugobject leaks and use del_timer_sync() in exit/teardown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2014-03-24 08:29, Julia Lawall wrote:

Another thing I saw is

del_timer(&bla->timer);
....
kfree(&bla);

In one case I saw the following:

if (isac->dch.timer.function != NULL) {
del_timer(&isac->dch.timer);
isac->dch.timer.function = NULL;
}
kfree(isac->mon_rx);
isac->mon_rx = NULL;

Is the assignment isac->dch.timer.function = NULL good enough to solve
the problem?

No. It might lead to a NULL dereference when the other core wants
to call the callback. Same situation as in the other picture.

Thanks,

tglx

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [PATCH v2] hrtimers: calculate expires_next after all timers are executed"
Previous message: Nicolas Ferre: "Re: [PATCH 00/15] iio: adc: at91 cleanups and atmel_tsadcc removal"
In reply to: Julia Lawall: "Re: [patch 00/16] timers: Plug debugobject leaks and use del_timer_sync() in exit/teardown"
Next in thread: Thomas Gleixner: "Re: [patch 00/16] timers: Plug debugobject leaks and use del_timer_sync() in exit/teardown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]