Re: [BUG] KASAN: slab-use-after-free in dev_driver_string from chaoskey_release

Next message: Vaibhav Jain: "Re: [PATCH] KVM: PPC: Book3S HV: Validate arch_compat against host compatibility mode"
Previous message: Bastien Curutchet (Schneider Electric): "[PATCH net-next v2 01/10] net: dsa: microchip: remove useless common cls_flower_{add/del} operations"
In reply to: Shuangpeng: "Re: [BUG] KASAN: slab-use-after-free in dev_driver_string from chaoskey_release"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Johan Hovold

Date: Mon Jun 08 2026 - 10:21:56 EST

On Mon, Jun 08, 2026 at 01:24:03PM +0200, Oliver Neukum wrote:
> On 07.06.26 04:29, Alan Stern wrote:
>
> > The simple explanation is that the chaoskey_release() routine contains
> > debugging statements that reference an interface for the USB device even
> > after that data structure may have been deallocated. Since they are
> > merely debugging statements, the simplest solution to the problem is to
> > get rid of them.
> >
> > That's what the patch below does. You can try it out and see if it
> > works.

> correct but it misses the same issue in disconnect.
> You need this one on top.

No, it's perfectly fine to access the interface in the disconnect
callback.

It's only after disconnect() returns that you need an extra reference.

Johan