| Message ID | 20180828101348.12443-2-wsa+renesas@sang-engineering.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Geert Uytterhoeven |
| Headers | show |
| Series | watchdog: fix OOPS when using stop_on_unregister and use it for R-Car | expand |
On 08/28/2018 03:13 AM, Wolfram Sang wrote: > watchdog_stop() calls watchdog_update_worker() which needs a valid > wdd->wd_data pointer. So, when unregistering the cdev, clear the > pointers after we call watchdog_stop(), not before. > > Fixes: bb292ac1c602 ("watchdog: Introduce watchdog_stop_on_unregister helper") > Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> > --- > drivers/watchdog/watchdog_dev.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c > index ffbdc4642ea5..f6c24b22b37c 100644 > --- a/drivers/watchdog/watchdog_dev.c > +++ b/drivers/watchdog/watchdog_dev.c > @@ -1019,16 +1019,16 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) > old_wd_data = NULL; > } > > - mutex_lock(&wd_data->lock); > - wd_data->wdd = NULL; > - wdd->wd_data = NULL; > - mutex_unlock(&wd_data->lock); > - > if (watchdog_active(wdd) && > test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) { > watchdog_stop(wdd); > } > > + mutex_lock(&wd_data->lock); > + wd_data->wdd = NULL; > + wdd->wd_data = NULL; > + mutex_unlock(&wd_data->lock); > + > hrtimer_cancel(&wd_data->timer); > kthread_cancel_work_sync(&wd_data->work); > >
> Subject: [PATCH 1/2] watchdog: core: fix null pointer dereference when releasing cdev > > watchdog_stop() calls watchdog_update_worker() which needs a valid > wdd->wd_data pointer. So, when unregistering the cdev, clear the > pointers after we call watchdog_stop(), not before. > > Fixes: bb292ac1c602 ("watchdog: Introduce watchdog_stop_on_unregister helper") > Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Reviewed-by: Fabrizio Castro <fabrizio.castro@bp.renesas.com> > --- > drivers/watchdog/watchdog_dev.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c > index ffbdc4642ea5..f6c24b22b37c 100644 > --- a/drivers/watchdog/watchdog_dev.c > +++ b/drivers/watchdog/watchdog_dev.c > @@ -1019,16 +1019,16 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) > old_wd_data = NULL; > } > > -mutex_lock(&wd_data->lock); > -wd_data->wdd = NULL; > -wdd->wd_data = NULL; > -mutex_unlock(&wd_data->lock); > - > if (watchdog_active(wdd) && > test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) { > watchdog_stop(wdd); > } > > +mutex_lock(&wd_data->lock); > +wd_data->wdd = NULL; > +wdd->wd_data = NULL; > +mutex_unlock(&wd_data->lock); > + > hrtimer_cancel(&wd_data->timer); > kthread_cancel_work_sync(&wd_data->work); > > -- > 2.11.0 Renesas Electronics Europe Ltd, Dukes Meadow, Millboard Road, Bourne End, Buckinghamshire, SL8 5FH, UK. Registered in England & Wales under Registered No. 04586709.
diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c index ffbdc4642ea5..f6c24b22b37c 100644 --- a/drivers/watchdog/watchdog_dev.c +++ b/drivers/watchdog/watchdog_dev.c @@ -1019,16 +1019,16 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) old_wd_data = NULL; } - mutex_lock(&wd_data->lock); - wd_data->wdd = NULL; - wdd->wd_data = NULL; - mutex_unlock(&wd_data->lock); - if (watchdog_active(wdd) && test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) { watchdog_stop(wdd); } + mutex_lock(&wd_data->lock); + wd_data->wdd = NULL; + wdd->wd_data = NULL; + mutex_unlock(&wd_data->lock); + hrtimer_cancel(&wd_data->timer); kthread_cancel_work_sync(&wd_data->work);
watchdog_stop() calls watchdog_update_worker() which needs a valid wdd->wd_data pointer. So, when unregistering the cdev, clear the pointers after we call watchdog_stop(), not before. Fixes: bb292ac1c602 ("watchdog: Introduce watchdog_stop_on_unregister helper") Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> --- drivers/watchdog/watchdog_dev.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)