Re: [PATCH] iio: envelope-detector: fix use-after-free on device remove

From: Sven Van Asbroeck
Date: Mon Mar 11 2019 - 14:48:13 EST


Hi Peter,

On Mon, Mar 11, 2019 at 2:41 PM Peter Rosin <peda@xxxxxxxxxx> wrote:
>
> This is false positive, AFAICT. The delayed work must have
> finished while envelope_detector_read_raw() holds the read_lock
> mutex, and it would be highly surprising if the device can go
> away while it is handling an IIO ->read_raw call. (THAT would be
> an interesting bug...)

Quite right. I had completely overlooked the fact that wait_for_completion()
cannot finish unless explicitly completed. Unlike
wait_for_completion_interruptible().

So yes, this looks like a false positive. My apologies.

Sven