From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D25FDC432C3 for ; Fri, 22 Nov 2019 11:12:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9F3C02070E for ; Fri, 22 Nov 2019 11:12:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574421149; bh=aR+7IWwqhRZDLaMIVikkwQEGC9EKDQlI50+mJ7hE0ok=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=n1hmsekxUlgd6WOvAkP37Ut0pv8l6tENsiaPCnms1eKNbpXAxk41OwoCqeUaVG2Z5 unwufO6mNqrPo9tqo+NFLyCioMkcyOlkB692rPwnAVic9N5sTRV8OhtZdOxq1Aawp1 G0p1law0h9d64Pd2fK/u+8Pts8X7EyEATEbI5hlE= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730720AbfKVK5x (ORCPT ); Fri, 22 Nov 2019 05:57:53 -0500 Received: from mail.kernel.org ([198.145.29.99]:47150 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729312AbfKVK5w (ORCPT ); Fri, 22 Nov 2019 05:57:52 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id ECB4B20718; Fri, 22 Nov 2019 10:57:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574420271; bh=aR+7IWwqhRZDLaMIVikkwQEGC9EKDQlI50+mJ7hE0ok=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W7nWQ7raXohxYnWuHz6o28vbGo1MQitT4Q5u7dY/y9LHY5ZPAu4z3335SuYdpASl8 DCDIsZ0Bxjumyb3bKf1Mo2isXT+ShIlBzXZnhLu0/GucCk+QKBaTIdpe3penu6xsTe OObPTpNzAILGT+e9yT7OxyEBCbeUc1BHXzwAvICo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Wolfram Sang , Fabrizio Castro , Guenter Roeck , Wim Van Sebroeck , Sasha Levin Subject: [PATCH 4.19 050/220] watchdog: core: fix null pointer dereference when releasing cdev Date: Fri, 22 Nov 2019 11:26:55 +0100 Message-Id: <20191122100915.802441612@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191122100912.732983531@linuxfoundation.org> References: <20191122100912.732983531@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Wolfram Sang [ Upstream commit 953b9dd7725bad55a922a35e75bff7bebf7b9978 ] watchdog_stop() calls watchdog_update_worker() which needs a valid wdd->wd_data pointer. So, when unregistering the cdev, clear the pointers after we call watchdog_stop(), not before. Fixes: bb292ac1c602 ("watchdog: Introduce watchdog_stop_on_unregister helper") Signed-off-by: Wolfram Sang Reviewed-by: Fabrizio Castro Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck Signed-off-by: Sasha Levin --- drivers/watchdog/watchdog_dev.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c index ffbdc4642ea55..f6c24b22b37c0 100644 --- a/drivers/watchdog/watchdog_dev.c +++ b/drivers/watchdog/watchdog_dev.c @@ -1019,16 +1019,16 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd) old_wd_data = NULL; } - mutex_lock(&wd_data->lock); - wd_data->wdd = NULL; - wdd->wd_data = NULL; - mutex_unlock(&wd_data->lock); - if (watchdog_active(wdd) && test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) { watchdog_stop(wdd); } + mutex_lock(&wd_data->lock); + wd_data->wdd = NULL; + wdd->wd_data = NULL; + mutex_unlock(&wd_data->lock); + hrtimer_cancel(&wd_data->timer); kthread_cancel_work_sync(&wd_data->work); -- 2.20.1