From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92DFDC4320A for ; Thu, 29 Jul 2021 16:17:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7EC9360E9B for ; Thu, 29 Jul 2021 16:17:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230300AbhG2QRG (ORCPT ); Thu, 29 Jul 2021 12:17:06 -0400 Received: from smtp11.smtpout.orange.fr ([80.12.242.133]:53539 "EHLO smtp.smtpout.orange.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229565AbhG2QRF (ORCPT ); Thu, 29 Jul 2021 12:17:05 -0400 Received: from localhost.localdomain ([86.243.172.93]) by mwinf5d46 with ME id b4Gz2500421Fzsu034GzEF; Thu, 29 Jul 2021 18:17:00 +0200 X-ME-Helo: localhost.localdomain X-ME-Auth: Y2hyaXN0b3BoZS5qYWlsbGV0QHdhbmFkb28uZnI= X-ME-Date: Thu, 29 Jul 2021 18:17:00 +0200 X-ME-IP: 86.243.172.93 From: Christophe JAILLET To: wim@linux-watchdog.org, linux@roeck-us.net, curtis.klein@hpe.com Cc: linux-watchdog@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, Christophe JAILLET Subject: [PATCH] watchdog: Fix an invalid memory access in 'watchdog_cdev_unregister()' Date: Thu, 29 Jul 2021 18:16:58 +0200 Message-Id: X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A few lines before 'watchdog_hrtimer_pretimeout_stop(wdd)', we explicitly set 'wdd->wd_data' to NULL. So, it is more than likely than this call will lead to an invalid memory access. Move this call before the 'wdd->wd_data = NULL;' Fixes: 7b7d2fdc8c3e ("watchdog: Add hrtimer-based pretimeout feature") Signed-off-by: Christophe JAILLET --- Completely untested! Not sure at all, that it is the way to fix it. --- drivers/watchdog/watchdog_dev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c index 3bab32485273..ffd8f1a82355 100644 --- a/drivers/watchdog/watchdog_dev.c +++ b/drivers/watchdog/watchdog_dev.c @@ -1096,6 +1096,8 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) watchdog_stop(wdd); } + watchdog_hrtimer_pretimeout_stop(wdd); + mutex_lock(&wd_data->lock); wd_data->wdd = NULL; wdd->wd_data = NULL; @@ -1103,7 +1105,6 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) hrtimer_cancel(&wd_data->timer); kthread_cancel_work_sync(&wd_data->work); - watchdog_hrtimer_pretimeout_stop(wdd); put_device(&wd_data->dev); } -- 2.30.2