On Mon, Nov 7, 2022 at 10:21 PM Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> wrote: > > On Mon, Nov 07, 2022 at 09:03:06PM +0100, Rafael J. Wysocki wrote: > > From: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx> > > > > Make cmos_do_remove() drop the ACPI RTC fixed event handler so as to > > prevent it from operating on stale data in case the event triggers > > after driver removal. > > > > While at it, make cmos_do_remove() also clear the driver data pointer > > of the device and make cmos_acpi_wake_setup() do that in the error path > > too. > > ... > > > + dev_set_drvdata(dev, NULL); > > > + dev_set_drvdata(dev, NULL); > > Maybe I'm missing something, but the cmos_do_remove() is called by ->remove() > callback of the real drivers (pnp and platform) and device core is already > doing this. So, don't know why you need these calls to be explicit. Good point, but then I guess I should move this patch to the front, because the issue fixed by it may trigger a use-after-free in rtc_handler() already.
