Vincent Whitchurch
d6111e7bdb
iio: trigger: sysfs: fix use-after-free on remove ...
commit 78601726d4a59a291acc5a52da1d3a0a6831e4e8 upstream.
Ensure that the irq_work has completed before the trigger is freed.
==================================================================
BUG: KASAN: use-after-free in irq_work_run_list
Read of size 8 at addr 0000000064702248 by task python3/25
Call Trace:
irq_work_run_list
irq_work_tick
update_process_times
tick_sched_handle
tick_sched_timer
__hrtimer_run_queues
hrtimer_interrupt
Allocated by task 25:
kmem_cache_alloc_trace
iio_sysfs_trig_add
dev_attr_store
sysfs_kf_write
kernfs_fop_write_iter
new_sync_write
vfs_write
ksys_write
sys_write
Freed by task 25:
kfree
iio_sysfs_trig_remove
dev_attr_store
sysfs_kf_write
kernfs_fop_write_iter
new_sync_write
vfs_write
ksys_write
sys_write
==================================================================
Fixes: f38bc926d022 ("staging:iio:sysfs-trigger: Use irq_work to properly active trigger")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Link: https://lore.kernel.org/r/20220519091925.1053897-1-vincent.whitchurch@axis.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-07-02 16:17:15 +02:00
2022-07-02 16:17:15 +02:00
2022-04-20 09:06:36 +02:00
2018-07-03 11:23:11 +02:00
2019-02-15 08:07:37 +01:00
2021-10-27 09:33:58 +02:00
2022-05-12 12:14:54 +02:00
2022-06-14 16:52:39 +02:00
2018-09-09 20:01:22 +02:00
2021-12-14 10:04:50 +01:00
2020-07-22 09:10:50 +02:00
2021-07-20 16:21:04 +02:00
2021-07-20 16:21:03 +02:00
2021-12-14 10:04:49 +01:00
2022-05-12 12:14:54 +02:00
2016-11-05 17:47:47 +00:00
2020-12-29 13:45:07 +01:00
2021-07-20 16:21:04 +02:00
2016-11-13 10:08:32 +01:00
2022-07-02 16:17:15 +02:00
2020-12-29 13:45:07 +01:00
2017-10-12 11:51:18 +02:00
2022-04-20 09:06:28 +02:00
d6111e7bdb