Re: [PATCH 2/2] can: usb_8dev: fix use-after-free on disconnect

On Wed, Oct 02, 2019 at 10:10:17AM +0200, Bernd Krumböck wrote:
> My knowledge about the kernel structures is very limited, so please
> apologize the question.
> Can you explain/show me where the use occurs?

The driver private data is allocated in probe() by alloc_candev():

	netdev = alloc_candev(sizeof(struct usb_8dev_priv), MAX_TX_URBS);
	...
	priv = netdev_priv(netdev);

and is freed in disconnect() along with the candev:

	free_candev(priv->netdev);

but the driver was accessing priv after having freed it (the
unlink_all_urbs() call).

Johan

> On Tue, Oct 1, 2019 at 12:29, Johan Hovold <johan@xxxxxxxxxx> wrote:
> 
> > The driver was accessing its driver data after having freed it.
> >
> > Fixes: 0024d8ad1639 ("can: usb_8dev: Add support for USB2CAN interface
> > from 8 devices")
> > Cc: stable <stable@xxxxxxxxxxxxxxx>     # 3.9
> > Cc: Bernd Krumboeck <b.krumboeck@xxxxxxxxx>
> > Cc: Wolfgang Grandegger <wg@xxxxxxxxxxxxxx>
> > Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
> > ---
> >  drivers/net/can/usb/usb_8dev.c | 3 +--
> >  1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/can/usb/usb_8dev.c
> > b/drivers/net/can/usb/usb_8dev.c
> > index d596a2ad7f78..8fa224b28218 100644
> > --- a/drivers/net/can/usb/usb_8dev.c
> > +++ b/drivers/net/can/usb/usb_8dev.c
> > @@ -996,9 +996,8 @@ static void usb_8dev_disconnect(struct usb_interface
> > *intf)
> >                 netdev_info(priv->netdev, "device disconnected\n");
> >
> >                 unregister_netdev(priv->netdev);
> > -               free_candev(priv->netdev);
> > -
> >                 unlink_all_urbs(priv);
> > +               free_candev(priv->netdev);
> >         }
> >
> >  }
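
Review bot: The order of the last two calls in usb_8dev_disconnect(), unlink_all_urbs(priv) followed by free_candev(priv->netdev), is now load-bearing but nothing in the code says so. Since priv is obtained with netdev_priv() and lives in the candev allocation, free_candev() has to be the last statement that touches priv; a one-line comment above it to that effect would keep a later reshuffle from reintroducing the bug. The commit message could also name unlink_all_urbs() as the access that ran after the free, which would make the stable backport easier to check.
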
> > --
> > 2.23.0
> >
> >
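
The lifetime issue described in the reply above, as an added userspace model that is not part of the original thread or of the driver. The `model_*` names, the 16-byte alignment and the `live` flag are assumptions standing in for the kernel's allocator, and the real free() is deferred so the pre-patch order can be run without undefined behaviour.

```c
/* Userspace model of the alloc_candev()/netdev_priv() lifetime; not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct model_netdev { int registered; };  /* stand-in for struct net_device */
struct model_priv { struct model_netdev *netdev; int active_urbs; };

/* The private area sits at an aligned offset inside the netdev allocation. */
#define PRIV_OFF ((sizeof(struct model_netdev) + 15) & ~(size_t)15)

static char *block;            /* the single allocation made at probe time */
static int live, late_access;  /* block still valid? / uses of priv after the free */

static struct model_netdev *model_alloc_candev(size_t sizeof_priv)
{
	block = calloc(1, PRIV_OFF + sizeof_priv);
	live = (block != NULL);
	return (struct model_netdev *)block;
}

static void *model_netdev_priv(struct model_netdev *nd) { return (char *)nd + PRIV_OFF; }

/* Marks the block dead; the real free() is deferred so the model stays defined. */
static void model_free_candev(struct model_netdev *nd) { (void)nd; live = 0; }

static void model_unlink_all_urbs(struct model_priv *priv)
{
	if (!live) { late_access++; return; }  /* in the driver: use-after-free */
	priv->active_urbs = 0;
}

/* Runs disconnect in pre-patch (0) or patched (1) order; returns late uses of priv. */
static int run_disconnect(int patched)
{
	struct model_netdev *nd = model_alloc_candev(sizeof(struct model_priv));
	struct model_priv *priv;
	if (!nd) return -1;
	priv = model_netdev_priv(nd);
	priv->netdev = nd; priv->active_urbs = 3; late_access = 0;
	if (!patched) model_free_candev(priv->netdev);
	model_unlink_all_urbs(priv);
	if (patched) model_free_candev(priv->netdev);
	free(block);
	return late_access;
}

int main(void)
{
	printf("pre-patch: %d, patched: %d late use(s) of priv\n", run_disconnect(0), run_disconnect(1));
}
```

In the kernel the same ordering mistake is the kind of access a KASAN-enabled build reports when the device is unplugged.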


