Am 30.08.21 um 16:08 schrieb Dan Carpenter:

On Tue, Jun 01, 2021 at 03:23:55PM +0200, Johannes Thumshirn wrote:

quoted

Am 01.06.21 um 11:18 schrieb Dan Carpenter:

quoted

There are two bugs:
1) If ida_simple_get() fails then this code calls put_device(carrier)
   but we haven't yet called get_device(carrier) and probably that
   leads to a use after free.
2) After device_initialize() then we need to use put_device() to
   release the bus.  This will free the internal resources tied to the
   device and call mcb_free_bus() which will free the rest.

Fixes: 5d9e2ab9fea4 ("mcb: Implement bus->dev.release callback")
Fixes: 18d288198099 ("mcb: Correctly initialize the bus's device")
Signed-off-by: Dan Carpenter <redacted>

Thanks applied

This is still not in linux-next.

regards,
dan carpenter

Hi Dan,

Greg asked me to resend the patch with Cc stable and I totally forgot to
do that, my bad.

I'll do that ASAP once the merge window opens again or earlier if Greg
is OK with it.

Byte,
    Johannes