Re: [PATCH] iio: envelope-detector: fix use-after-free on device remove

From: Sven Van Asbroeck
Date: Mon Mar 11 2019 - 14:48:13 EST

Next message: Daniel Vetter: "Re: [PATCH] drm/bochs: Fix NULL dereference on atomic_disable helper"
Previous message: Tony Luck: "Re: [GIT PULL] first round of SCSI updates for the 5.0+ merge window"
In reply to: Peter Rosin: "Re: [PATCH] iio: envelope-detector: fix use-after-free on device remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Peter,

On Mon, Mar 11, 2019 at 2:41 PM Peter Rosin <peda@xxxxxxxxxx> wrote:
>
> This is false positive, AFAICT. The delayed work must have
> finished while envelope_detector_read_raw() holds the read_lock
> mutex, and it would be highly surprising if the device can go
> away while it is handling an IIO ->read_raw call. (THAT would be
> an interesting bug...)

Quite right. I had completely overlooked the fact that wait_for_completion()
cannot finish unless explicitly completed. Unlike
wait_for_completion_interruptible().

So yes, this looks like a false positive. My apologies.

Sven

Next message: Daniel Vetter: "Re: [PATCH] drm/bochs: Fix NULL dereference on atomic_disable helper"
Previous message: Tony Luck: "Re: [GIT PULL] first round of SCSI updates for the 5.0+ merge window"
In reply to: Peter Rosin: "Re: [PATCH] iio: envelope-detector: fix use-after-free on device remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]