Re: [PATCH] drivers/iio/adc/at91_adc.c: use devm_ functions

[Julia Lawall]

On Tue, 31 Jul 2012, Lars-Peter Clausen wrote:

> Hi,
>
> On 07/31/2012 12:09 PM, Julia Lawall wrote:
> > From: Julia Lawall <Julia.Lawall@xxxxxxx>
> > @@ -720,20 +698,14 @@ error_ret:
> >  static int __devexit at91_adc_remove(struct platform_device *pdev)
> >  {
> >  	struct iio_dev *idev = platform_get_drvdata(pdev);
> > -	struct resource *res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> >  	struct at91_adc_state *st = iio_priv(idev);
> >
> >  	iio_device_unregister(idev);
> > [...]
> > -	free_irq(st->irq, idev);
> > [...]
> >  	iio_device_free(idev);
>
> I think we have to be careful here. The interrupted is now freed after the
> device has been freed, which means that it could trigger after the device
> has been freed. And since we use the device in the interrupt handler we'll
> get a use after free.

Perhaps the same would be true in the following code, from the file
drivers/edac/highbank_l2_edac.c:

        res = devm_request_irq(&pdev->dev, drvdata->sb_irq,
                               highbank_l2_err_handler,
                               0, dev_name(&pdev->dev), dci);
        if (res < 0)
                goto err;

        dci->mod_name = dev_name(&pdev->dev);
        dci->dev_name = dev_name(&pdev->dev);

        if (edac_device_add_device(dci))
                goto err;

        devres_close_group(&pdev->dev, NULL);
        return 0;
err:
    	devres_release_group(&pdev->dev, NULL);
        edac_device_free_ctl_info(dci);

Is devm_request_irq perhaps not a very good idea?

julia
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/