Re: [PATCH] USB: serial: opticon: fix UAF in write callback during port removal

Next message: T Pratham: "Re: [PATCH v10 2/3] crypto: ti - Add support for AES-GCM in DTHEv2 driver"
Previous message: Tejun Heo: "Re: [PATCH v2 01/10] workqueue: devres: Add device-managed allocate workqueue"
In reply to: Johan Hovold: "Re: [PATCH] USB: serial: opticon: fix UAF in write callback during port removal"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH] USB: serial: opticon: fix UAF in write callback during port removal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Fan Wu

Date: Tue Mar 10 2026 - 13:07:33 EST

On Tue, Mar 10, 2026 at 09:56:48 +0100, Johan Hovold wrote:
> How was this potential issue found? Are you using some kind of LLM or
> other tool?

Hi Johan,

Thanks for the explanation. You're right â?? I missed the lifecycle guarantees
provided by usb_serial_disconnect(), and since opticon_close() already handles
the URB cleanup, this report is a false positive.

I'm currently researching static analysis techniques (CodeQL combined with LLM
assistance) for detecting UAF bugs, particularly around cross-entry lifetimes.
In this case, the analysis missed the subsystem-level guarantee that close runs
before remove.

Thanks for pointing out commit fdb838efa31e and the relevant mechanism â?? this
is very helpful feedback for my research.

Please disregard this patch, and apologies for the noise.

Best regards,
Fan Wu