[Openipmi-developer] [PATCH v2 1/5] ipmi: ssif_bmc: cancel response timer on remove

[Jian Zhang via Openipmi-developer]

The response timer can stay armed across device teardown. If it fires after
remove, the callback dereferences the SSIF context and the i2c client after
teardown has started.

Cancel the timer in remove so the callback cannot run after the device is
unregistered.

Signed-off-by: Jian Zhang <zhangjian.3...@bytedance.com>
---
v2: use timer_delete_sync() to cancel the timer

 drivers/char/ipmi/ssif_bmc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/ipmi/ssif_bmc.c b/drivers/char/ipmi/ssif_bmc.c
index 7a52e3ea49ed..dc1d5bb4a460 100644
--- a/drivers/char/ipmi/ssif_bmc.c
+++ b/drivers/char/ipmi/ssif_bmc.c
@@ -843,6 +843,7 @@ static void ssif_bmc_remove(struct i2c_client *client)
 {
        struct ssif_bmc_ctx *ssif_bmc = i2c_get_clientdata(client);
 
+       timer_delete_sync(&ssif_bmc->response_timer);
        i2c_slave_unregister(client);
        misc_deregister(&ssif_bmc->miscdev);
 }
-- 
2.20.1


_______________________________________________
Openipmi-developer mailing list
Openipmi-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openipmi-developer