On Thu, Jul 30, 2020 at 03:28:09AM +0000, Peter Chen wrote:
> On 20-07-29 16:22:31, Alan Stern wrote:
> > Abusing the kernel's device model, some UDC drivers (including
> > dwc3 and cdns3) register and unregister their gadget structures
> > multiple times. This is strictly forbidden; device structures may not
> > be reused.
>
> Register and unregister gadget structures multiple times should be
> allowed if we pass a clean (zeroed) gadget device structure. I checked
> the cdns3 code (cdns3_gadget_start), it always zeroed struct usb_gadget
> before calling usb_add_gadget_udc when start device mode.

How do you "know" that the structure really was properly freed/released
by the driver core at that point in time?

That's the issue, even if you do unregister it, the driver core, or any
other part of the kernel, can hold on to the memory for an unbounded
amount of time, due to the fact that this is a reference counted
pointer.

So please, never "recycle" memory structures like this. The
documentation for the kernel explicitly says "do not do this!"

thanks,

greg k-h
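
The lifetime problem raised in the reply above, as an added user-space C model that is not code from the thread, the kernel or any driver. `model_dev` and every function name are hypothetical, and a plain `int` stands in for the kernel's reference count.

```c
#include <stdlib.h>
#include <string.h>
struct model_dev {                       /* user-space model, names hypothetical */
    int refs;                            /* stands in for the embedded refcount */
    int generation;                      /* which registration this object is */
    void (*release)(struct model_dev *); /* runs when the last reference drops */
};
static int released;                     /* release() calls seen so far */
static void get_dev(struct model_dev *d) { d->refs++; }
static void put_dev(struct model_dev *d) { if (--d->refs == 0) d->release(d); }
static void count_release(struct model_dev *d) { (void)d; released++; }
static void free_release(struct model_dev *d) { released++; free(d); }
static struct model_dev *new_dev(int generation)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (!d) abort();
    d->refs = 1; d->generation = generation; d->release = free_release;
    return d;
}

/* Pattern argued for in the thread: zero one embedded structure and reuse it. */
int recycle_embedded(void)
{
    struct model_dev embedded = { .refs = 1, .generation = 1, .release = count_release };
    struct model_dev *holder = &embedded;
    released = 0;
    get_dev(holder);                     /* other code takes a reference: 2 */
    put_dev(&embedded);                  /* "unregister": 1, not released yet */
    memset(&embedded, 0, sizeof(embedded)); /* holder's reference is wiped */
    embedded.refs = 1; embedded.generation = 2; embedded.release = count_release;
    put_dev(holder);                     /* stale put lands on generation 2 */
    return released == 1 && embedded.refs == 0 && embedded.generation == 2;
}

/* Alternative: a fresh allocation per registration, freed only by release(). */
int allocate_per_registration(void)
{
    struct model_dev *first = new_dev(1), *holder = first, *second;
    int ok;
    released = 0;
    get_dev(holder);
    put_dev(first);                      /* unregister: holder keeps gen 1 alive */
    second = new_dev(2);                 /* new registration, new object */
    ok = holder->generation == 1 && holder->refs == 1 && released == 0;
    put_dev(holder);                     /* last reference: gen 1 freed here */
    ok = ok && released == 1 && second->refs == 1;
    put_dev(second);
    return ok && released == 2;
}
```

`recycle_embedded()` returns 1 when the stale reference has driven the count of the second, still-registered object to zero and run its release; `allocate_per_registration()` returns 1 when each object is released exactly once, by its own last reference.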