On 02/29/2016 11:41 AM, Greg KH wrote: > On Mon, Feb 29, 2016 at 11:06:55AM -0500, Joe Lawrence wrote: >> Hi Alan, Changbin, Xenia, >> >> I've twice encountered a crash on system reboot in usb_disable_device >> that looks to be a bos descriptor use-after-free. >> >> The machine in question is running a 4.5-rc5 kernel > > Please use 4.5-rc6, a fix for this went into that kernel release. > > Sorry about that. Thanks, Greg. I'll upgrade and update if I see any other issues. For those following along (and potentially re-working "usb: hub: do not clear BOS field during reset device" in the future), I think setting udev->bos to NULL at the beginning of usb_reset_and_verify_device is important its the error path cases. Otherwise, it's possible to inadvertently release udev->bos and restore the pointer to now freed space. Regards, -- Joe -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
