From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bruno =?UTF-8?B?UHLDqW1vbnQ=?= Date: Thu, 02 Jun 2011 18:18:57 +0000 Subject: Re: [Patch 1/2] Fix use-after-free by vga16fb on rmmod Message-Id: <20110602201857.3056aeda@neptune.home> List-Id: References: <20110524215917.4b01df45@neptune.home> In-Reply-To: <20110524215917.4b01df45@neptune.home> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit To: linux-fbdev@vger.kernel.org Hi Paul, On Tue, 24 May 2011 Bruno Prémont wrote: > Since fb_info is now refcounted and thus may get freed at any time it > gets unregistered module unloading will try to unregister framebuffer > as stored in platform data on probe though this pointer may > be stale. > > Cleanup platform data on framebuffer release. > > CC: stable@kernel.org > Signed-off-by: Bruno Prémont > --- > This should also go into 2.6.39 stable as it didn't make it into 2.6.39 > with the rest of fb_info refcounting work. > > This comes from > [2.6.39-rc2, framebuffer] use after free oops > ... > [PATCH 0/2] fbcon sanity > thread Any chance of applying these two patches? I've had no feedback from you on them and they don't show up in your tree. Bruno