Benjamin Tissoires, on jeu. 14 déc. 2017 14:25:22 +0100, wrote: > Before unregistering the led classes, we have to be sure there is no > more events in the input pipeline. > Closing the input node before removing the led classes flushes the > pipeline and this prevents segfaults. > > Found with https://github.com/whot/fuzzydevice > Link: https://bugzilla.kernel.org/show_bug.cgi?id=197679 > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx> input_close_device does run synchronize_rcu() which we seem to have to process before freeing the rest indeed. Thus, Acked-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> (though AFAIK it doesn't apply on the mainline tree) > --- > drivers/input/input-leds.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/input/input-leds.c b/drivers/input/input-leds.c > index c86eb3d648bf..8aefcc186a02 100644 > --- a/drivers/input/input-leds.c > +++ b/drivers/input/input-leds.c > @@ -211,6 +211,7 @@ static void input_leds_disconnect(struct input_handle *handle) > int i; > > cancel_delayed_work_sync(&leds->init_work); > + input_close_device(handle); > > for (i = 0; i < leds->num_leds; i++) { > struct input_led *led = &leds->leds[i]; > @@ -219,7 +220,6 @@ static void input_leds_disconnect(struct input_handle *handle) > kfree(led->cdev.name); > } > > - input_close_device(handle); > input_unregister_handle(handle); > > kfree(leds); > -- > 2.14.3 >