Re: [PATCH 2/2] input - leds: fix input_led_disconnect path
From: Samuel Thibault
Date: Thu Dec 14 2017 - 19:19:59 EST
Benjamin Tissoires, on jeu. 14 dÃc. 2017 14:25:22 +0100, wrote:
> Before unregistering the led classes, we have to be sure there is no
> more events in the input pipeline.
> Closing the input node before removing the led classes flushes the
> pipeline and this prevents segfaults.
>
> Found with https://github.com/whot/fuzzydevice
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=197679
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>
input_close_device does run synchronize_rcu() which we seem to have to
process before freeing the rest indeed. Thus,
Acked-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
(though AFAIK it doesn't apply on the mainline tree)
> ---
> drivers/input/input-leds.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/input/input-leds.c b/drivers/input/input-leds.c
> index c86eb3d648bf..8aefcc186a02 100644
> --- a/drivers/input/input-leds.c
> +++ b/drivers/input/input-leds.c
> @@ -211,6 +211,7 @@ static void input_leds_disconnect(struct input_handle *handle)
> int i;
>
> cancel_delayed_work_sync(&leds->init_work);
> + input_close_device(handle);
>
> for (i = 0; i < leds->num_leds; i++) {
> struct input_led *led = &leds->leds[i];
> @@ -219,7 +220,6 @@ static void input_leds_disconnect(struct input_handle *handle)
> kfree(led->cdev.name);
> }
>
> - input_close_device(handle);
> input_unregister_handle(handle);
>
> kfree(leds);
> --
> 2.14.3
>