2021-06-23 06:28:57

by Klein, Curtis

[permalink] [raw]
Subject: [PATCH] watchdog: Fix NULL pointer dereference when releasing cdev

watchdog_hrtimer_pretimeout_stop needs the watchdog device to have a
valid pointer to the watchdog core data to stop the pretimeout hrtimer.
Therefore it needs to be called before the pointers are cleared in
watchdog_cdev_unregister.

Fixes: 7b7d2fdc8c3e ("watchdog: Add hrtimer-based pretimeout feature")
Reported-by: Colin Ian King <[email protected]>
Signed-off-by: Curtis Klein <[email protected]>
---
drivers/watchdog/watchdog_dev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
index 3bab324..ffd8f1a 100644
--- a/drivers/watchdog/watchdog_dev.c
+++ b/drivers/watchdog/watchdog_dev.c
@@ -1096,6 +1096,8 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
watchdog_stop(wdd);
}

+ watchdog_hrtimer_pretimeout_stop(wdd);
+
mutex_lock(&wd_data->lock);
wd_data->wdd = NULL;
wdd->wd_data = NULL;
@@ -1103,7 +1105,6 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)

hrtimer_cancel(&wd_data->timer);
kthread_cancel_work_sync(&wd_data->work);
- watchdog_hrtimer_pretimeout_stop(wdd);

put_device(&wd_data->dev);
}
--
2.7.4


2021-06-23 11:32:50

by Guenter Roeck

[permalink] [raw]
Subject: Re: [PATCH] watchdog: Fix NULL pointer dereference when releasing cdev

On Tue, Jun 22, 2021 at 11:26:23PM -0700, Curtis Klein wrote:
> watchdog_hrtimer_pretimeout_stop needs the watchdog device to have a
> valid pointer to the watchdog core data to stop the pretimeout hrtimer.
> Therefore it needs to be called before the pointers are cleared in
> watchdog_cdev_unregister.
>
> Fixes: 7b7d2fdc8c3e ("watchdog: Add hrtimer-based pretimeout feature")
> Reported-by: Colin Ian King <[email protected]>
> Signed-off-by: Curtis Klein <[email protected]>

Reviewed-by: Guenter Roeck <[email protected]>

> ---
> drivers/watchdog/watchdog_dev.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
> index 3bab324..ffd8f1a 100644
> --- a/drivers/watchdog/watchdog_dev.c
> +++ b/drivers/watchdog/watchdog_dev.c
> @@ -1096,6 +1096,8 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
> watchdog_stop(wdd);
> }
>
> + watchdog_hrtimer_pretimeout_stop(wdd);
> +
> mutex_lock(&wd_data->lock);
> wd_data->wdd = NULL;
> wdd->wd_data = NULL;
> @@ -1103,7 +1105,6 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
>
> hrtimer_cancel(&wd_data->timer);
> kthread_cancel_work_sync(&wd_data->work);
> - watchdog_hrtimer_pretimeout_stop(wdd);
>
> put_device(&wd_data->dev);
> }
> --
> 2.7.4
>