From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751883AbbHCE6I (ORCPT <rfc822;w@1wt.eu>);
	Mon, 3 Aug 2015 00:58:08 -0400
Received: from mailout3.w1.samsung.com ([210.118.77.13]:56676 "EHLO
	mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750956AbbHCE6F (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 3 Aug 2015 00:58:05 -0400
MIME-version: 1.0
Content-type: text/plain; charset=windows-1252
X-AuditID: cbfec7f5-f794b6d000001495-e1-55bef4d8bf85
Content-transfer-encoding: 8BIT
Message-id: <55BEF4D3.7050903@samsung.com>
Date: Mon, 03 Aug 2015 13:57:55 +0900
From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101
 Thunderbird/31.8.0
To: Jiri Kosina <jkosina@suse.com>, linux-input@vger.kernel.org,
        linux-kernel@vger.kernel.org
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>, sre@kernel.org,
        linux-pm@vger.kernel.org, "H.J. Lu" <hjl.tools@gmail.com>,
        stable@vger.kernel.org
Subject: Re: [PATCH v2] HID: hid-input: Fix accessing freed memory during
 device disconnect
References: <1438560081-23055-1-git-send-email-k.kozlowski@samsung.com>
In-reply-to: <1438560081-23055-1-git-send-email-k.kozlowski@samsung.com>
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrALMWRmVeSWpSXmKPExsVy+t/xa7o3vuwLNZi/xsbi8KIXjBbb1x1m
	tmjatpjR4vULQ4ubn76xWlzeNYfN4nPvEUaL07tLLBZsfMTowOmxc9Zddo9NqzrZPPq2rGL0
	WL/lKovH501yAaxRXDYpqTmZZalF+nYJXBknD31mKTjGWfGl6R9LA+NH9i5GTg4JAROJU+/a
	mSBsMYkL99azdTFycQgJLGWUOPRuHSNIgldAUOLH5HssXYwcHMwC8hJHLmVDmHoS9y9qgVQI
	CXxhlJh8VxiiWkvi66GnrCA2i4CqxJnFO8HGswkYS2xevoQNxBYViJBYvvok2HQRgXiJ9reb
	WEHWMgtMY5RoXzQXrFlYIFbieNsRNogF7hI73k1gAbE5BTwkfp2ezTiBUWAWkutmIVw3C+G6
	BYzMqxhFU0uTC4qT0nON9IoTc4tL89L1kvNzNzFCwv3rDsalx6wOMQpwMCrx8H5YsC9UiDWx
	rLgy9xCjBAezkgjvgZtAId6UxMqq1KL8+KLSnNTiQ4zSHCxK4rwzd70PERJITyxJzU5NLUgt
	gskycXBKNTByuk75NfnDw+k/rh77rL2yOjcqlOVQzawVplqmqes7yiNcXnmoz/yQO3mtgwC/
	9M/fAb56otHOgVOffdc4X/8ricVsUsFP0auneOZbiR22W2vyqbcglOlFa9eVv2XXMhZ2SFyK
	SkoKibDPEOH79a/2mpXxVFutN2Ksn37fjtn0cNmJynve88qVWIozEg21mIuKEwFQNjgWcwIA	AA==
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03.08.2015 09:01, Krzysztof Kozlowski wrote:
> During unbinding the driver was dereferencing a pointer to memory
> already freed by power_supply_unregister().
> 
> Driver was freeing its internal description of battery through pointers
> stored in power_supply structure. However, because the core owns the
> power supply instance, after calling power_supply_unregister() this
> memory is freed and the driver cannot access these members.
> 
> Fix this by storing the pointer to internal description of battery in a
> local variable before calling power_supply_unregister(), so the pointer
> remains valid.
> 
> Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
> Reported-by: H.J. Lu <hjl.tools@gmail.com>
> Fixes: 297d716f6260 ("power_supply: Change ownership from driver to core")
> Cc: <stable@vger.kernel.org>
> 
> ---
> Changes since v1:
> 1. Re-work idea, use local variable instead of devm-like functions
>    (pointed out by Dmitry Torokhov).
> 2. Adjusted subject and commit message.

I missed the warning:
drivers/hid/hid-input.c:470:11: warning: assignment discards ‘const’
qualifier from pointer target type

I'll fix this and send v3.

Best regards,
Krzysztof