On Fri, Aug 23, 2019 at 02:11:28PM +0000, Schmid, Carsten wrote:
> Using managed device resources in usb_hcd_pci_probe() allows devm usage for
> resource subranges, such as the mmio resource for the platform device
> created to control host/device mode mux, which is a xhci extended
> capability, and sits inside the xhci mmio region.
>
> If managed device resources are not used then "parent" resource
> is released before subrange at driver removal as .remove callback is
> called before the devres list of resources for this device is walked
> and released.
>
> This has been observed with the xhci extended capability driver causing a
> use-after-free which is now fixed.
>
> An additional nice benefit is that error handling on driver initialisation
> is simplified much.
>
> Signed-off-by: Carsten Schmid <carsten_schmid@xxxxxxxxxx>
> Tested-by: Carsten Schmid <carsten_schmid@xxxxxxxxxx>
> ---
> Rationale:
> Use-after-free was reproduced on 4.14.102 and 4.14.129 kernel
> using unbind mechanism.
> echo 0000:00:15.0 > /sys/bus/pci/drivers/xhci_hcd/unbind
>
> Upstream version of driver is identical in the affected code.
> Fix was tested successfully on 4.14.129.
> Provided patch applies and compiles on v5.2.8 stable.
> As this is also a bugfix, please consider it to go to stable trees too.

How far back should it go, just 4.14? Was this caused by a specific
commit that you happened to notice?

thanks,

greg k-h
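The release ordering described in the quoted commit message, as an added example that is not part of the original thread or of the kernel source: a user-space C model in which every name (`struct dev`, `claim`, `release`, `unbind`) is hypothetical. It assumes that devres entries are released in reverse registration order and only after `.remove` has returned.

```c
#include <stdio.h>

/* Simplified user-space model (not kernel code) of driver unbind ordering. */
enum { PARENT, CHILD, NRES };
struct res { int live; int parent; };   /* parent: index of enclosing region, -1 if none */

struct dev {
    struct res r[NRES];
    int devres[NRES];   /* managed resources, in registration order */
    int ndevres;
    int stale;          /* releases that touched an already-released parent */
};

static void claim(struct dev *d, int id, int parent, int managed)
{
    d->r[id].live = 1;
    d->r[id].parent = parent;
    if (managed)
        d->devres[d->ndevres++] = id;
}

static void release(struct dev *d, int id)
{
    int p = d->r[id].parent;
    if (p >= 0 && !d->r[p].live)
        d->stale++;     /* in the kernel this access is the use-after-free */
    d->r[id].live = 0;
}

/* Unbind: .remove runs first, then the devres list is walked in reverse. */
static int unbind(int parent_managed)
{
    struct dev d = {0};
    claim(&d, PARENT, -1, parent_managed);  /* probe: whole xhci mmio region */
    claim(&d, CHILD, PARENT, 1);            /* devm subrange for the ext. capability */
    if (!parent_managed)
        release(&d, PARENT);                /* .remove releases the parent by hand */
    while (d.ndevres > 0)
        release(&d, d.devres[--d.ndevres]); /* devres walk, last registered first */
    return d.stale;
}

int main(void)
{
    printf("unmanaged parent: %d stale release(s)\n", unbind(0));
    printf("managed parent:   %d stale release(s)\n", unbind(1));
    return 0;
}
```

With the parent released by hand in `.remove`, the managed subrange is torn down against a parent that is already gone; once the parent is also managed, the reverse-order walk releases the subrange first.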