On Tue. 10 Dec. 2022 at 20:02, Johan Hovold <johan@xxxxxxxxxx> wrote:
> On Sat, Dec 10, 2022 at 06:01:49PM +0900, Vincent Mailhol wrote:
> > ems_usb sets the driver's priv data to NULL before waiting for the
> > completion of outstanding urbs. This can result in NULL pointer
> > dereference, c.f. [1] and [2].
>
> Please stop making hand-wavy claims like this. There is no risk for a
> NULL-pointer dereference here, and if you think otherwise you need to
> explain how that can happen in detail for each driver.

Understood.

*My* mistake comes from this message from Alan [1]:

 | But if a driver does make the call, it should be careful to
 | ensure that the call happens _after_ the driver is finished
 | using the interface-data pointer. For example, after all
 | outstanding URBs have completed, if the completion handlers
 | will need to call usb_get_intfdata().

I did not pay enough attention to the "if the completion handlers
will need to call usb_get_intfdata()" part and jumped to the
incorrect conclusion that any use of usb_set_intfdata(intf, NULL)
before URB completion was erroneous.

My deep apologies for all the noise. Please forget this series and,
one more time, thank you for your patience.

[1] https://lore.kernel.org/linux-usb/Y4OD70GD4KnoRk0k@xxxxxxxxxxxxxxxxxxx/
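The condition in Alan's remark, as an added example that is not part of the original message and is not code from any kernel driver: a userspace C model showing that clearing the interface data early only matters to a completion handler that looks its state up through the interface. All `model_*` names, both handlers and the return codes are hypothetical stand-ins for `usb_set_intfdata()`, `usb_get_intfdata()` and a driver's URB callbacks.

```c
/* Userspace model, not kernel code. Every name here is a hypothetical stand-in. */
#include <stddef.h>

struct model_intf { void *data; };                      /* like struct usb_interface */
struct model_urb  { struct model_intf *intf; void *context; };
struct model_priv { int completions; };

static void  model_set_intfdata(struct model_intf *i, void *d) { i->data = d; }
static void *model_get_intfdata(struct model_intf *i) { return i->data; }

/* Handler A: reaches the private data through urb->context only. */
static int complete_via_context(struct model_urb *urb)
{
    struct model_priv *priv = urb->context;
    priv->completions++;
    return 0;
}

/* Handler B: looks the private data up through the interface. */
static int complete_via_intfdata(struct model_urb *urb)
{
    struct model_priv *priv = model_get_intfdata(urb->intf);
    if (!priv)
        return -1;  /* without this check the next line dereferences NULL */
    priv->completions++;
    return 0;
}

/* Disconnect path. clear_first != 0 clears the pointer while one URB is
 * still outstanding; clear_first == 0 lets the URB complete first. */
static int model_disconnect(int (*handler)(struct model_urb *), int clear_first)
{
    struct model_priv priv = { 0 };
    struct model_intf intf = { &priv };
    struct model_urb  urb  = { &intf, &priv };
    int ret;

    if (clear_first)
        model_set_intfdata(&intf, NULL);
    ret = handler(&urb);                 /* the outstanding URB completes */
    model_set_intfdata(&intf, NULL);
    return ret;
}

int main(void)
{
    /* Only handler B with an early clear observes the NULL pointer. */
    return model_disconnect(complete_via_intfdata, 1) == -1 ? 0 : 1;
}
```

When auditing a driver for this pattern, the question is which pointer each completion handler uses, not merely where the `usb_set_intfdata(intf, NULL)` call sits in the disconnect path.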