
20 Jan 2021, 3:44 p.m.
On Wed, 2021-01-20 at 07:18 -0700, Simon Glass wrote:
Hi Nicolas,
On Wed, 20 Jan 2021 at 07:04, Nicolas Saenz Julienne <nsaenzjulienne@suse.de> wrote:
With today's master, 70c2525c0d3c ('IOMUX: Stop dropped consoles') introduces a use after free in usb_kbd_remove():
- usbkbd's stdio device is de-registered with stdio_deregister_dev(),
the struct stdio_dev is freed.
- iomux_doenv() is called, usbkbd removed from the console list, and
console_stop() is called on the struct stdio_dev pointer that no longer exists.
This series mitigates this by making sure the pointer is really a stdio device prior to performing the stop operation. It's not ideal, but I couldn't figure out a nicer way to fix this.
Your 'from' address is coming through as just your email. Could you please update it to include your name as well?
OK, do you want me to re-send the series?
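
The following is an added example, not part of the thread and not U-Boot code: a simplified C model of the sequence described in the cover letter (deregister frees the device, then a stop is attempted through a stale pointer) with a validity check that walks the registry before the stop. All names here (`struct dev`, `dev_register`, `dev_deregister`, `dev_is_registered`, `console_stop_checked`) are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model: hypothetical names, not U-Boot's stdio/iomux code. */
struct dev {
    struct dev *next;
    char name[16];
    int stopped;          /* counts stop calls made on a live device */
};

static struct dev *registry;      /* list of currently registered devices */

struct dev *dev_register(const char *name)
{
    struct dev *d = calloc(1, sizeof(*d));
    if (!d)
        return NULL;
    strncpy(d->name, name, sizeof(d->name) - 1);
    d->next = registry;
    registry = d;
    return d;
}

/* Unlink and free: any copy of the pointer held elsewhere is now stale. */
void dev_deregister(struct dev *d)
{
    for (struct dev **pp = &registry; *pp; pp = &(*pp)->next) {
        if (*pp == d) {
            *pp = d->next;
            free(d);
            return;
        }
    }
}

/* Compare addresses only; the candidate is never dereferenced. */
int dev_is_registered(const struct dev *candidate)
{
    for (const struct dev *d = registry; d; d = d->next)
        if (d == candidate)
            return 1;
    return 0;
}

/* Returns 1 if stop ran, 0 if the pointer was stale and was skipped. */
int console_stop_checked(struct dev *d)
{
    if (!dev_is_registered(d))
        return 0;
    d->stopped++;
    return 1;
}
```

An address-based check like this can be fooled if a later registration reuses the freed address, so the stale pointer matches a different device. Stopping the console before the device is freed, or clearing every reference at deregistration, removes that window.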