On Mon, Oct 08, 2012 at 11:32:44PM +0200, Markus Schauler wrote: > Meanwhile, after many re-compliles: > > > 0998d0631001288a5974afc0b2a5f568bcdecb4d is the first bad commit > commit 0998d0631001288a5974afc0b2a5f568bcdecb4d > Author: Hans de Goede <hdegoede@xxxxxxxxxx> > Date: Wed May 23 00:09:34 2012 +0200 > > device-core: Ensure drvdata = NULL when no driver is bound > > 1) drvdata is for a driver to store a pointer to driver specific data > 2) If no driver is bound, there is no driver specific data associated with > the device > 3) Thus logically drvdata should be NULL if no driver is bound. > > But many drivers don't clear drvdata on device_release, or set drvdata > early on in probe and leave it set on probe error. Both of which results > in a dangling pointer in drvdata. > > This patch enforce for drvdata to be NULL after device_release or on probe > failure. > > Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > :040000 040000 5055297c714694c0db0d62d4789c682eef6e34c7 > 7ef2e8ebdb41f2889ea4231b11e5ce068d505ae9 M drivers Ugh, that "simple" patch has turned up more bugs in drivers than anything I know of in recent history. Trying Alan's patch out would be great to see if it works or not. If not, there's a use-after-free somewhere that I'll have to dig to find... Let us know how it goes, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
