[PATCH v4] firmware_loader: fix use-after-free in firmware_fallback_sysfs

Hillf Danton hdanton at sina.com
Thu May 20 03:52:28 UTC 2021


On Thu, 20 May 2021 00:26:12 +0530 Anirudh Rayabharam wrote:
>On Wed, May 19, 2021 at 05:10:47PM +0800, Hillf Danton wrote:
>> 
>> Fine, apart from what you are fixing, you are adding something like
>> finish_wait() into the waker's backyard. Why are you calling
>> complete_all() on the waiter side?
>
>Sorry, I don't really get your point here. I did not add complete_all().
>It was already there. Could you please elaborate?

If a simple pattern works for you,

	mutex_lock(&fw_lock);
	list_add(&fw_priv->pending_list, &pending_fw_head);
	mutex_unlock(&fw_lock);

	retval = fw_sysfs_wait_timeout(fw_priv, timeout);

	mutex_lock(&fw_lock);
	list_del_init(&fw_priv->pending_list);
	mutex_unlock(&fw_lock);

	device_del(f_dev);
	put_device(f_dev);
	return retval;

add a followup cleanup to cut off the list_del on the waker side instead of
putting a spanner in their work that is completing all waiters.
