Re: [PATCH 2/9] iio: orientation: hid-sensor-incl-3d: Fix race between callback registration and device exposure

Next message: Ernest Van Hoecke: "Re: [PATCH 1/1] wifi: ath12k: support calibration-variant from device tree"
Previous message: Pratyush Yadav: "Re: [PATCH v2 00/18] kho: make boot time huge page allocation work nicely with KHO"
In reply to: Jonathan Cameron: "Re: [PATCH 2/9] iio: orientation: hid-sensor-incl-3d: Fix race between callback registration and device exposure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pandruvada, Srinivas

Date: Mon Jun 15 2026 - 09:38:35 EST

On Sun, 2026-06-14 at 19:24 +0100, Jonathan Cameron wrote:
> On Mon, 8 Jun 2026 15:34:05 +0000
> "Pandruvada, Srinivas" <srinivas.pandruvada@xxxxxxxxx> wrote:
>
> > On Sat, 2026-06-06 at 17:07 +0530, Sanjay Chitroda wrote:
> > > From: Sanjay Chitroda <sanjayembeddedse@xxxxxxxxx>
> > >
> > > The driver registers the IIO device before completing sensor hub
> > > callback registration and unregisters callbacks while the IIO
> > > device
> > > is still exposed during teardown.
> > >
> > > This creates race windows in both probe and remove paths, which
> > > can
> > > lead to NULL pointer dereferences or use-after-free.
> >
> > Reordering is fine, but can you show how this use after free is
> > possible?
> Agreed - I'm not seeing a definite issue so more info needed.
> For now I'm going to mark this changes-requested in patchwork.
>
> It might be a touch slow if someone manages to get buffered capture
> up before the callbacks are available, but I think that just means
> dropping a few samples?

Correct.

Thanks,
Srinivas

>
> Jonathan
>
> >
> > Thanks,
> > Srinivas
>