Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1374884imm; Tue, 2 Oct 2018 07:16:42 -0700 (PDT) X-Google-Smtp-Source: ACcGV62senq2gWO1r2Sme2fgg9V7rLm+TupOxFUQNII48yNg1fMP1uDyvIz2IJFRvSBCuZsAwAWf X-Received: by 2002:a63:e505:: with SMTP id r5-v6mr14694289pgh.170.1538489802840; Tue, 02 Oct 2018 07:16:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538489802; cv=none; d=google.com; s=arc-20160816; b=iLgyMtZSq2vQGG6d8pITdkyBpDZv7VMRudFnx7UpnbML2rcauJdAVOniFijILmTiNs McZlnHerZs3eoH9SGtoX/7eSnOXsOledPXWlUUT5pyz2UY0kYKT1zyt/FYa4yPZfzAJu mQTBY2tJsQxFFvRqfKu7BjKGHEsRRPKKm5Ku47jbu6ObRvrSwDuguacm87lHykuZtQmn nOLjR13eruyU6qGMpfPH/BJpAVLKAl0MeEvFAb4nW6w4BWaL8wlkCBHPmMQ+e7ZcoMoe ExwWSyFnXul0xPvTmGTcn9QKPw0FUTIE/5JpUhak8sWmHHELT6B0XkUwQ2hf7CCTndGd Gu/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=H7yTzroPgEgIS72aNyyk0Cpbi5dLzL20MjSGZ3NvBdE=; b=WhIzEZpAn9CjEcKcmytkkADquMlZOjds8b9op+bsDCf4FldLe4xdOPvDUhI8Mf8NtG Xr95LojE7yvUYJrOf+1SSCqQLoyqvDsDS+wAi4mmEiaoejHbudYFxs7VcA0J/PNdGIHH 8oJfF4CNSubvJydGUEJWYytvGKhBQ+y+gqUDxYDJaP5cgGt3GX8dxTnWgJGWWkdsLFBK ajb5Qr2JK6Jl9GaTFFkNwrtMdPstNjljP/Doigrziq/4lBnDGqZMPDDwmNUi+JOj2qvS ZfmzMVAwaCF2BdOhusFNvaF80E6zj5cPO11Zd2MVdASFxxjF4PVBTzitGPB7tJjSMCm9 YXlQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h69-v6si15195384pfc.121.2018.10.02.07.16.27; Tue, 02 Oct 2018 07:16:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728231AbeJBU7I (ORCPT + 99 others); Tue, 2 Oct 2018 16:59:08 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:59872 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727011AbeJBUJ6 (ORCPT ); Tue, 2 Oct 2018 16:09:58 -0400 Received: from localhost (24-104-73-23-ip-static.hfc.comcastbusiness.net [24.104.73.23]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 306DFC11; Tue, 2 Oct 2018 13:26:37 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Stefan=20Br=C3=BCns?= , Jonathan Cameron , Akinobu Mita , Jonathan Cameron , Sasha Levin Subject: [PATCH 4.18 002/228] iio: adc: ina2xx: avoid kthread_stop() with stale task_struct Date: Tue, 2 Oct 2018 06:21:39 -0700 Message-Id: <20181002132459.196066581@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181002132459.032960735@linuxfoundation.org> References: <20181002132459.032960735@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Akinobu Mita [ Upstream commit 7d6cd21d82bacab2d1786fe5e989e4815b75d9a3 ] When the buffer is enabled for ina2xx driver, a dedicated kthread is invoked to capture mesurement data. When the buffer is disabled, the kthread is stopped. However if the kthread gets register access errors, it immediately exits and when the malfunctional buffer is disabled, the stale task_struct pointer is accessed as there is no kthread to be stopped. A similar issue in the usbip driver is prevented by kthread_get_run and kthread_stop_put helpers by increasing usage count of the task_struct. This change applies the same solution. Cc: Stefan BrĂ¼ns Cc: Jonathan Cameron Signed-off-by: Akinobu Mita Fixes: c43a102e67db ("iio: ina2xx: add support for TI INA2xx Power Monitors") Signed-off-by: Jonathan Cameron Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/iio/adc/ina2xx-adc.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) --- a/drivers/iio/adc/ina2xx-adc.c +++ b/drivers/iio/adc/ina2xx-adc.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include @@ -826,6 +827,7 @@ static int ina2xx_buffer_enable(struct i { struct ina2xx_chip_info *chip = iio_priv(indio_dev); unsigned int sampling_us = SAMPLING_PERIOD(chip); + struct task_struct *task; dev_dbg(&indio_dev->dev, "Enabling buffer w/ scan_mask %02x, freq = %d, avg =%u\n", (unsigned int)(*indio_dev->active_scan_mask), @@ -835,11 +837,17 @@ static int ina2xx_buffer_enable(struct i dev_dbg(&indio_dev->dev, "Async readout mode: %d\n", chip->allow_async_readout); - chip->task = kthread_run(ina2xx_capture_thread, (void *)indio_dev, - "%s:%d-%uus", indio_dev->name, indio_dev->id, - sampling_us); + task = kthread_create(ina2xx_capture_thread, (void *)indio_dev, + "%s:%d-%uus", indio_dev->name, indio_dev->id, + sampling_us); + if (IS_ERR(task)) + return PTR_ERR(task); + + get_task_struct(task); + wake_up_process(task); + chip->task = task; - return PTR_ERR_OR_ZERO(chip->task); + return 0; } static int ina2xx_buffer_disable(struct iio_dev *indio_dev) @@ -848,6 +856,7 @@ static int ina2xx_buffer_disable(struct if (chip->task) { kthread_stop(chip->task); + put_task_struct(chip->task); chip->task = NULL; }