On Tue, 31 Jul 2012, Lars-Peter Clausen wrote:
> Hi,
>
> On 07/31/2012 12:09 PM, Julia Lawall wrote:
> > From: Julia Lawall <julia.law...@lip6.fr>
> > @@ -720,20 +698,14 @@ error_ret:
> > static int __devexit at91_adc_remove(struct platform_device *pdev)
> > {
> > struct iio_dev *idev = platform_get_drvdata(pdev);
> > - struct resource *res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
> > struct at91_adc_state *st = iio_priv(idev);
> >
> > iio_device_unregister(idev);
> > [...]
> > - free_irq(st->irq, idev);
> > [...]
> > iio_device_free(idev);
>
> I think we have to be careful here. The interrupted is now freed after the
> device has been freed, which means that it could trigger after the device
> has been freed. And since we use the device in the interrupt handler we'll
> get a use after free.
OK, thanks for the feedback. I'll try again, and un-devm_ this function.
julia
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
