Hi Nicolas,
On Wed, 20 Jan 2021 at 07:04, Nicolas Saenz Julienne nsaenzjulienne@suse.de wrote:
With today's master, 70c2525c0d3c ('IOMUX: Stop dropped consoles') introduces a use after free in usb_kbd_remove():
usbkbd's stdio device is de-registered with stdio_deregister_dev(), the struct stdio_dev is freed.
iomux_doenv() is called, usbkbd removed from the console list, and console_stop() is called on the struct stdio_dev pointer that no longer exists.
This series mitigates this by making sure the pointer is really a stdio device prior performing the stop operation. It's not ideal, but I couldn't figure out a nicer way to fix this.
Your 'from' address is coming through as just your email. Could you please update it to include your name as well?
Regards, Simon