From: Zekun Shen <[email protected]> Date: Mon, 15 Jun 2020 11:50:29 -0400
> There is a race condition exist during termination. The path is > alx_stop and then alx_remove. An alx_schedule_link_check could be called > before alx_stop by interrupt handler and invoke alx_link_check later. > Alx_stop frees the napis, and alx_remove cancels any pending works. > If any of the work is scheduled before termination and invoked before > alx_remove, a null-ptr-deref occurs because both expect alx->napis[i]. > > This patch fix the race condition by moving cancel_work_sync functions > before alx_free_napis inside alx_stop. Because interrupt handler can call > alx_schedule_link_check again, alx_free_irq is moved before > cancel_work_sync calls too. > > Signed-off-by: Zekun Shen <[email protected]> Applied, thank you.
