Re: [PATCH RFC 1/4] USB: UDC: Don't wipe deallocated memory

On Thu, Jul 30, 2020 at 07:19:04AM +0200, Greg KH wrote:
> On Thu, Jul 30, 2020 at 03:28:09AM +0000, Peter Chen wrote:
> > On 20-07-29 16:22:31, Alan Stern wrote:
> > > Abusing the kernel's device model, some UDC drivers (including
> > > dwc3 and cdns3) register and unregister their gadget structures
> > > multiple times.  This is strictly forbidden; device structures may not
> > > be reused.
> > 
> > Registering and unregistering gadget structures multiple times should be
> > allowed if we pass a clean (zeroed) gadget device structure. I checked
> > the cdns3 code (cdns3_gadget_start); it always zeroes struct usb_gadget
> > before calling usb_add_gadget_udc when starting device mode.
> 
> How do you "know" that the structure really was properly freed/released
> by the driver core at that point in time?
> 
> That's the issue, even if you do unregister it, the driver core, or any
> other part of the kernel, can hold on to the memory for an unbounded
> amount of time, due to the fact that this is a reference counted
> pointer.

In theory, you can know that the driver core is done using a structure 
if you wait for the release routine to run.  But of course, that can 
mean you have to wait an indefinitely long time.

Alan Stern

> So please, never "recycle" memory structures like this.  The
> documentation for the kernel explicitly says "do not do this!"
> 
> thanks,
> 
> greg k-h
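
The point made in the message above, as an added userspace C model that is not part of the original thread or of any kernel driver: unregistering drops only the driver's own reference, so the object stays live until its release routine runs, and re-registration takes a fresh allocation instead of zeroing the old structure. All names here (model_dev, model_register, model_get, model_put, demo_reregister) are hypothetical.

```c
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical. */
struct model_dev {
    int refcount;
    void (*release)(struct model_dev *);
};
static int released_count;            /* objects whose release has run */

static void model_release(struct model_dev *d)
{
    released_count++;
    free(d);                          /* the only place memory is given up */
}

static struct model_dev *model_register(void)
{
    struct model_dev *d = calloc(1, sizeof(*d));   /* fresh object each time */
    if (!d)
        abort();                      /* keep the model short: no OOM path */
    d->refcount = 1;                  /* reference owned by the driver */
    d->release = model_release;
    return d;
}

static void model_get(struct model_dev *d) { d->refcount++; }
static void model_put(struct model_dev *d)
{
    if (--d->refcount == 0)
        d->release(d);
}

/* Returns 1 when each step behaves as the thread describes. */
int demo_reregister(void)
{
    released_count = 0;
    struct model_dev *first = model_register();
    model_get(first);                 /* another holder takes a reference */
    model_put(first);                 /* "unregister": driver drops its own */
    int still_live = (released_count == 0 && first->refcount == 1);
    struct model_dev *second = model_register();   /* instead of memset(first) */
    int distinct = (second != first);
    model_put(first);                 /* last holder lets go, release runs */
    int first_gone = (released_count == 1);
    model_put(second);
    return still_live && distinct && first_gone && released_count == 2;
}

int main(void) { return demo_reregister() == 1 ? 0 : 1; }
```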


