On Wed, 2020-11-11 at 11:23 +0800, Claire Chang wrote:
> On Wed, Nov 11, 2020 at 1:35 AM Johannes Berg
> wrote:
> > On Tue, 2020-11-10 at 16:49 +0800, Claire Chang wrote:
> > > If a device is getting removed or reprobed during resume, use-after-free
> > > might happen. For example, h5_btrtl_resum
On Wed, Nov 11, 2020 at 1:35 AM Johannes Berg wrote:
>
> On Tue, 2020-11-10 at 16:49 +0800, Claire Chang wrote:
> > If a device is getting removed or reprobed during resume, use-after-free
> > might happen. For example, h5_btrtl_resume()[drivers/bluetooth/hci_h5.c]
> > schedules a work queue for d
On Tue, 2020-11-10 at 16:49 +0800, Claire Chang wrote:
> If a device is getting removed or reprobed during resume, use-after-free
> might happen. For example, h5_btrtl_resume()[drivers/bluetooth/hci_h5.c]
> schedules a work queue for device reprobing. During the reprobing, if
> rfkill_set_block() i
If a device is getting removed or reprobed during resume, use-after-free
might happen. For example, h5_btrtl_resume()[drivers/bluetooth/hci_h5.c]
schedules a work queue for device reprobing. During the reprobing, if
rfkill_set_block() in rfkill_resume() is called after the corresponding
*_unregiste
