meson_drv_unbind() doesn't unregister the IRQ handler, which can lead to
use-after-free if the IRQ fires after unbind:
[ 64.656876] Unable to handle kernel paging request at virtual address 11706dbc
...
[ 64.662001] pc : meson_irq+0x18/0x30 [meson_drm]
I'm assuming that a similar
Hi Jean-Philippe,
On 22/03/2019 16:26, Jean-Philippe Brucker wrote:
> meson_drv_unbind() doesn't unregister the IRQ handler, which can lead to
> use-after-free if the IRQ fires after unbind:
>
> [ 64.656876] Unable to handle kernel paging request at virtual address 11706dbc
> ...