Christian Lamparter <chunkeey@xxxxxxxxx> wrote: > This patch follows Alan Stern's recent patch: > "p54: Fix race between disconnect and firmware loading" > > that overhauled carl9170 buggy firmware loading and driver > unbinding procedures. > > Since the carl9170 code was adapted from p54 it uses the > same functions and is likely to have the same problem, but > it's just that the syzbot hasn't reproduce them (yet). > > a summary from the changes (copied from the p54 patch): > * Call usb_driver_release_interface() rather than > device_release_driver(). > > * Lock udev (the interface's parent) before unbinding the > driver instead of locking udev->parent. > > * During the firmware loading process, take a reference > to the USB interface instead of the USB device. > > * Don't take an unnecessary reference to the device during > probe (and then don't drop it during disconnect). > > and > > * Make sure to prevent use-after-free bugs by explicitly > setting the driver context to NULL after signaling the > completion. > > Cc: <stable@xxxxxxxxxxxxxxx> > Cc: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Christian Lamparter <chunkeey@xxxxxxxxx> > Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> Patch applied to ath-next branch of ath.git, thanks. feb09b293327 carl9170: fix misuse of device driver API -- https://patchwork.kernel.org/patch/10983223/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
