Message ID | dcb65e66acd1a50d65635b35d0d340846c7d10c7.1627575359.git.christophe.jaillet@wanadoo.fr |
---|---|
State | New |
Headers | show |
Series | watchdog: Fix an invalid memory access in 'watchdog_cdev_unregister()' | expand |
On 7/29/21 9:16 AM, Christophe JAILLET wrote: > A few lines before 'watchdog_hrtimer_pretimeout_stop(wdd)', we explicitly > set 'wdd->wd_data' to NULL. > So, it is more than likely than this call will lead to an invalid > memory access. > > Move this call before the 'wdd->wd_data = NULL;' > > Fixes: 7b7d2fdc8c3e ("watchdog: Add hrtimer-based pretimeout feature") > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> > --- > Completely untested! > Not sure at all, that it is the way to fix it. Nice catch. Should be ok. Reviewed-by: Guenter Roeck <linux@roeck-us.net> > --- > drivers/watchdog/watchdog_dev.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c > index 3bab32485273..ffd8f1a82355 100644 > --- a/drivers/watchdog/watchdog_dev.c > +++ b/drivers/watchdog/watchdog_dev.c > @@ -1096,6 +1096,8 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) > watchdog_stop(wdd); > } > > + watchdog_hrtimer_pretimeout_stop(wdd); > + > mutex_lock(&wd_data->lock); > wd_data->wdd = NULL; > wdd->wd_data = NULL; > @@ -1103,7 +1105,6 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) > > hrtimer_cancel(&wd_data->timer); > kthread_cancel_work_sync(&wd_data->work); > - watchdog_hrtimer_pretimeout_stop(wdd); > > put_device(&wd_data->dev); > } >
diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c index 3bab32485273..ffd8f1a82355 100644 --- a/drivers/watchdog/watchdog_dev.c +++ b/drivers/watchdog/watchdog_dev.c @@ -1096,6 +1096,8 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) watchdog_stop(wdd); } + watchdog_hrtimer_pretimeout_stop(wdd); + mutex_lock(&wd_data->lock); wd_data->wdd = NULL; wdd->wd_data = NULL; @@ -1103,7 +1105,6 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) hrtimer_cancel(&wd_data->timer); kthread_cancel_work_sync(&wd_data->work); - watchdog_hrtimer_pretimeout_stop(wdd); put_device(&wd_data->dev); }
A few lines before 'watchdog_hrtimer_pretimeout_stop(wdd)', we explicitly set 'wdd->wd_data' to NULL. So, it is more than likely than this call will lead to an invalid memory access. Move this call before the 'wdd->wd_data = NULL;' Fixes: 7b7d2fdc8c3e ("watchdog: Add hrtimer-based pretimeout feature") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> --- Completely untested! Not sure at all, that it is the way to fix it. --- drivers/watchdog/watchdog_dev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)