[PATCH v4] firmware_loader: fix use-after-free in firmware_fallback_sysfs
Hillf Danton
hdanton at sina.com
Thu May 20 03:52:28 UTC 2021
On Thu, 20 May 2021 00:26:12 +0530 Anirudh Rayabharam wrote:
>On Wed, May 19, 2021 at 05:10:47PM +0800, Hillf Danton wrote:
>>
>> Fine, apart from what you are fixing, you are adding something like
>> finish_wait() into the waker's backyard. Why are you calling
>> complete_all() on the waiter side?
>
>Sorry, I don't really get your point here. I did not add complete_all().
>It was already there. Could you please elaborate?
If a simple pattern works for you,
mutex_lock(&fw_lock);
list_add(&fw_priv->pending_list, &pending_fw_head);
mutex_unlock(&fw_lock);
retval = fw_sysfs_wait_timeout(fw_priv, timeout);
mutex_lock(&fw_lock);
list_del_init(&fw_priv->pending_list);
mutex_unlock(&fw_lock);
device_del(f_dev);
put_device(f_dev);
return retval;
add a followup cleanup to cut off the list_del on the waker side instead of
putting a spanner in their work that is completing all waiters.
More information about the Linux-kernel-mentees
mailing list