From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
To: Sven Van Asbroeck <thesven73@gmail.com>
Cc: linux-input@vger.kernel.org, Tejun Heo <tj@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Input: matrix_keypad - use flush_delayed_work()
Date: Mon, 11 Feb 2019 00:29:02 -0800
Message-ID: <20190211082902.GA95126@dtor-ws>
In-Reply-To: <CAGngYiXytDjjAVh_gAaqJa0qLZAM-cTko92s6=PjS4tjZMvfHg@mail.gmail.com>

Hi Sven,

On Sun, Feb 10, 2019 at 12:43:21PM -0500, Sven Van Asbroeck wrote:
> Hi Dmitry,
>
> On Thu, Feb 7, 2019 at 5:46 PM Dmitry Torokhov
> <dmitry.torokhov@gmail.com> wrote:
> >
> > We should be using flush_delayed_work() instead of flush_work() in
> > matrix_keypad_stop() to ensure that we are not missing work that is
> > scheduled but not yet put in the workqueue (i.e. its delay timer has not
> > expired yet).
> >
>
> Could the following scenario cause a use-after-free?
> (I am adding comments on lines starting with -->)
>
> a) user closes the device handle:
>
> static void matrix_keypad_stop(struct input_dev *dev)
> {
> 	struct matrix_keypad *keypad = input_get_drvdata(dev);
>
> 	spin_lock_irq(&keypad->lock);
> 	keypad->stopped = true;
> 	spin_unlock_irq(&keypad->lock);
>
> 	flush_work(&keypad->work.work);
> -->
> --> new interrupt comes in, and schedules new delayed keypad->work (1)

It will not schedule new work because we check keypad->stopped flag
in ISR.

Thanks.

--
Dmitry
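
Added example, not part of the original message or of the driver's code: a single-threaded user-space model of the two points in this exchange. flush_work() does not wait for delayed work whose timer is still pending while flush_delayed_work() does, and an ISR that checks the stopped flag does not re-arm the work after stop. All model_* names and the state enum are hypothetical, and the model is sequential, so it does not reproduce the keypad->lock locking shown in the quoted code.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <stdbool.h>

enum dw_state { DW_IDLE, DW_TIMER_PENDING, DW_QUEUED };

struct model_keypad {
	bool stopped;        /* set by stop, checked by the ISR */
	enum dw_state work;  /* where the delayed scan work currently is */
	int scans_run;       /* times the work handler has run */
};

/* flush_work() analogue: only waits for work already on the queue. */
bool model_flush_work(struct model_keypad *kp)
{
	if (kp->work != DW_QUEUED)
		return false;    /* delay timer still pending: nothing flushed */
	kp->work = DW_IDLE;
	kp->scans_run++;
	return true;
}

/* flush_delayed_work() analogue: expire the timer now, then flush. */
bool model_flush_delayed_work(struct model_keypad *kp)
{
	if (kp->work == DW_TIMER_PENDING)
		kp->work = DW_QUEUED;
	return model_flush_work(kp);
}

/* ISR analogue: arm the delayed work unless the device is stopped. */
bool model_isr(struct model_keypad *kp)
{
	if (kp->stopped || kp->work != DW_IDLE)
		return false;
	kp->work = DW_TIMER_PENDING;
	return true;
}

/* Stop analogue; returns true if work is still outstanding afterwards. */
bool model_stop(struct model_keypad *kp, bool delayed_flush)
{
	kp->stopped = true;
	if (delayed_flush)
		model_flush_delayed_work(kp);
	else
		model_flush_work(kp);
	return kp->work != DW_IDLE;
}
```

In the model, work left outstanding after model_stop() stands for a handler that could still run once the keypad structure has been torn down.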