From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mailout3.w1.samsung.com ([210.118.77.13]:56676 "EHLO mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750956AbbHCE6F (ORCPT ); Mon, 3 Aug 2015 00:58:05 -0400 MIME-version: 1.0 Content-type: text/plain; charset=windows-1252 Content-transfer-encoding: 8BIT Message-id: <55BEF4D3.7050903@samsung.com> Date: Mon, 03 Aug 2015 13:57:55 +0900 From: Krzysztof Kozlowski To: Jiri Kosina , linux-input@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Dmitry Torokhov , sre@kernel.org, linux-pm@vger.kernel.org, "H.J. Lu" , stable@vger.kernel.org Subject: Re: [PATCH v2] HID: hid-input: Fix accessing freed memory during device disconnect References: <1438560081-23055-1-git-send-email-k.kozlowski@samsung.com> In-reply-to: <1438560081-23055-1-git-send-email-k.kozlowski@samsung.com> Sender: stable-owner@vger.kernel.org List-ID: On 03.08.2015 09:01, Krzysztof Kozlowski wrote: > During unbinding the driver was dereferencing a pointer to memory > already freed by power_supply_unregister(). > > Driver was freeing its internal description of battery through pointers > stored in power_supply structure. However, because the core owns the > power supply instance, after calling power_supply_unregister() this > memory is freed and the driver cannot access these members. > > Fix this by storing the pointer to internal description of battery in a > local variable before calling power_supply_unregister(), so the pointer > remains valid. > > Signed-off-by: Krzysztof Kozlowski > Reported-by: H.J. Lu > Fixes: 297d716f6260 ("power_supply: Change ownership from driver to core") > Cc: > > --- > Changes since v1: > 1. Re-work idea, use local variable instead of devm-like functions > (pointed out by Dmitry Torokhov). > 2. Adjusted subject and commit message. I missed the warning: drivers/hid/hid-input.c:470:11: warning: assignment discards �const� qualifier from pointer target type I'll fix this and send v3. Best regards, Krzysztof