[PATCH 0/4] USB: fix use-after-free on disconnect race

Next message: Johan Hovold: "[PATCH 2/4] USB: idmouse: fix use-after-free on disconnect race"
Previous message: bot+bpf-ci: "Re: [PATCH bpf-next v7 08/11] selftests/bpf: Add tests to verify global percpu data"
Next in thread: Johan Hovold: "[PATCH 2/4] USB: idmouse: fix use-after-free on disconnect race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Johan Hovold

Date: Mon Jun 22 2026 - 11:27:49 EST

Mutexes cannot be used to manage lifetime of objects directly as the
mutex structure is accessed by mutex_unlock() after releasing the lock.

Note that the reporter of the iowarrior issue sent a fix last Friday
that I had missed. That one requires a bit of work still, though. [1]

Johan

[1] https://lore.kernel.org/all/20260619150340.65058-1-samsun1006219@xxxxxxxxx/

Johan Hovold (4):
USB: iowarrior: fix use-after-free on disconnect race
USB: idmouse: fix use-after-free on disconnect race
USB: ldusb: fix use-after-free on disconnect race
USB: legousbtower: fix use-after-free on disconnect race

drivers/usb/misc/idmouse.c | 45 +++++++++++++-------------
drivers/usb/misc/iowarrior.c | 57 ++++++++++++++-------------------
drivers/usb/misc/ldusb.c | 38 +++++++++++-----------
drivers/usb/misc/legousbtower.c | 37 ++++++++++-----------
4 files changed, 83 insertions(+), 94 deletions(-)

--
2.53.0