git.ipfire.org Git - thirdparty/kernel/linux.git/commit
char: tlclk: fix use-after-free in tlclk_cleanup()
author James Kim <james010kim@gmail.com>
Sun, 3 May 2026 10:11:31 +0000 (19:11 +0900)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 May 2026 11:47:33 +0000 (13:47 +0200)
commit bbf003b7794d6ad6f939fdd29f1f1bde8ac554c1
tree 2fb72028c3cbbb32ffef52520624dbd2514873b5
parent 314e01d7f67aaa72617aa5e88e4fea09373bd04d
char: tlclk: fix use-after-free in tlclk_cleanup()

This patch improves the module cleanup process in the tlclk driver to
prevent potential use-after-free and race conditions.

Currently, the file_operations structure does not specify the .owner
field, which could allow the module to be unloaded while user-space
processes are still interacting with the device. Additionally, the
tlclk_cleanup() function frees the alarm_events memory before ensuring
that blocked processes in the waitqueue are fully awakened and that the
switchover_timer has completed.

To address these cases, this patch:
- Sets '.owner = THIS_MODULE' in tlclk_fops to safely defer module
  unloading while the device is in use.
- Updates tlclk_cleanup() to explicitly wake up all blocked readers
  (wake_up_all), properly release hardware I/O regions, and safely
  delete the timer (timer_delete_sync) prior to freeing memory.

Fixes: 1a80ba882730 ("[PATCH] Telecom Clock Driver for MPCBL0010 ATCA computer blade")
Signed-off-by: James Kim <james010kim@gmail.com>
Link: https://patch.msgid.link/20260503101131.64219-1-james010kim@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/char/tlclk.c