Re: [PATCH -next] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()

From: Krzysztof Kozlowski
Date: Wed Apr 07 2021 - 07:15:21 EST

Next message: Borislav Petkov: "Re: [RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB"
Previous message: Matthew Wilcox: "Re: [PATCH 1/3] fsdax: Factor helpers to simplify dax fault code"
In reply to: Yang Yingliang: "[PATCH -next] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/04/2021 11:19, Yang Yingliang wrote:
> This driver's remove path calls cancel_delayed_work(). However, that
> function does not wait until the work function finishes. This means
> that the callback function may still be running after the driver's
> remove function has finished, which would result in a use-after-free.
>
> Fix by calling cancel_delayed_work_sync(), which ensures that
> the work is properly cancelled, no longer running, and unable
> to re-schedule itself.
>
> Reported-by: Hulk Robot <hulkci@xxxxxxxxxx>
> Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
> ---
> drivers/power/supply/s3c_adc_battery.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>

Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxxxxx>

Best regards,
Krzysztof

Next message: Borislav Petkov: "Re: [RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB"
Previous message: Matthew Wilcox: "Re: [PATCH 1/3] fsdax: Factor helpers to simplify dax fault code"
In reply to: Yang Yingliang: "[PATCH -next] power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]