Re: [PATCH] USB: serial: opticon: fix UAF in write callback during port removal

Next message: Christian Loehle: "Re: [PATCH RFC 5/7] selftests/sched: Add SCHED_DEADLINE bandwidth tests to kselftest"
Previous message: Hugo Villeneuve: "Re: [PATCH v4 4/4] Input: charlieplex_keypad: add GPIO charlieplex keypad"
In reply to: Greg Kroah-Hartman: "Re: [PATCH] USB: serial: opticon: fix UAF in write callback during port removal"
Next in thread: Johan Hovold: "Re: [PATCH] USB: serial: opticon: fix UAF in write callback during port removal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Fan Wu

Date: Wed Mar 11 2026 - 10:27:19 EST

> On Mar 11, 2026, at 20:14, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, Mar 10, 2026 at 05:04:24PM +0000, Fan Wu wrote:
>> On Tue, Mar 10, 2026 at 09:56:48 +0100, Johan Hovold wrote:
>>> How was this potential issue found? Are you using some kind of LLM or
>>> other tool?
>>
>> Hi Johan,
>>
>> Thanks for the explanation. You're right — I missed the lifecycle guarantees
>> provided by usb_serial_disconnect(), and since opticon_close() already handles
>> the URB cleanup, this report is a false positive.
>>
>> I'm currently researching static analysis techniques (CodeQL combined with LLM
>> assistance) for detecting UAF bugs, particularly around cross-entry lifetimes.
>> In this case, the analysis missed the subsystem-level guarantee that close runs
>> before remove.
>
> As is required, you always have to document this type of thing in the
> changelog text.
>
> thanks,
>
> greg k-h

Hi Johan,

Thanks for the reminder. Understood — I'll make sure to explicitly document the
search method and tool assistance in the changelog for any future patches.

Best regards,
Fan Wu