public inbox for linux-arm-kernel@lists.infradead.org
From: broonie@opensource.wolfsonmicro.com (Mark Brown)
To: linux-arm-kernel@lists.infradead.org
Subject: [lm-sensors] [PATCH v3] MAX1111: Fix Race condition causing NULL pointer exception
Date: Tue, 12 Jul 2011 09:22:17 +0100
Message-ID: <20110712082217.GA16141@sirena.org.uk>
In-Reply-To: <1628512.b7CSRB10BJ@bloomfield>

On Tue, Jul 12, 2011 at 10:04:55AM +0200, Pavel Herrmann wrote:
> On Tuesday 12 of July 2011 09:36:06 Jean Delvare wrote:

> > Honestly, I have no idea what "causing one thread having pointers to
> > memory on or above other threads stack" means (nor why this would be
> > bad.)

> the long-winded story is that thread A writes a pointer onto its stack into 
> the drvdata as part of spi_sync call, then thread B comes in and puts a 
> pointer onto its stack into the drvdata, at the end of spi_sync thread A uses 
> this pointer (assuming it is unchanged), which is pointing either onto valid 
> stack of thread B or somewhere above it (if thread B already returned)

That's just a use after free bug, the fact that the variables are on the
stacks of other threads isn't the issue, the issue is that the two
threads that are sharing state aren't properly synchronized.
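
The interleaving discussed in this message, replayed deterministically as an added example (not part of the original e-mail and not the MAX1111 driver's code). It is a single-threaded user-space model in which `struct device`, `transfer_begin`, `transfer_complete` and `replay` are hypothetical names and a boolean stands in for a mutex held across the whole transfer:

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model; every name is hypothetical, not the MAX1111 driver's. */
struct request { int id; bool done; };   /* lives on the caller's stack */
struct device {
    struct request *drvdata;  /* shared slot both callers write */
    bool use_lock, locked;    /* 'locked' stands in for a held mutex */
};

/* Publish a pointer to the caller's stack object in the shared slot. */
static bool transfer_begin(struct device *dev, struct request *req)
{
    if (dev->use_lock && dev->locked)
        return false;         /* a real mutex would sleep here instead */
    dev->locked = true;
    dev->drvdata = req;
    return true;
}

/* Completion trusts whatever pointer is in the slot at this moment. */
static int transfer_complete(struct device *dev)
{
    struct request *req = dev->drvdata;
    req->done = true;
    dev->drvdata = NULL;
    dev->locked = false;
    return req->id;
}

/* Replay: A begins, B cuts in, A completes. Returns the id of the request
 * A's completion wrote to (1 = its own, 2 = thread B's stack object). */
static int replay(bool use_lock)
{
    struct device dev = { NULL, use_lock, false };
    struct request a = { 1, false }, b = { 2, false };

    transfer_begin(&dev, &a);
    bool b_started = transfer_begin(&dev, &b);
    int touched = transfer_complete(&dev);
    if (!b_started) {         /* with the lock, B runs only after A is done */
        transfer_begin(&dev, &b);
        transfer_complete(&dev);
    }
    return touched;
}

int main(void) { return !(replay(false) == 2 && replay(true) == 1); }
```

Without the lock, A's completion writes through B's pointer; in the model both objects stay alive, whereas in the scenario quoted above B may already have returned and the write lands in a dead stack frame.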

Thread overview: 5+ messages
2011-07-11 21:50 [PATCH v3] MAX1111: Fix Race condition causing NULL pointer exception Pavel Herrmann
2011-07-12  7:36 ` Jean Delvare
2011-07-12  8:04   ` Pavel Herrmann
2011-07-12  8:22     ` Mark Brown [this message]
2011-07-12  8:40     ` Jean Delvare
