With today's master, 70c2525c0d3c ('IOMUX: Stop dropped consoles')
introduces a use after free in usb_kbd_remove():- usbkbd's stdio device is de-registered with stdio_deregister_dev(), the struct stdio_dev is freed. - iomux_doenv() is called, usbkbd removed from the console list, and console_stop() is called on the struct stdio_dev pointer that no longer exists. This series mitigates this by making sure the pointer is really a stdio device prior performing the stop operation. It's not ideal, but I couldn't figure out a nicer way to fix this. Regards, Nicolas --- Changes since v1: - Comment new function - Add comment stating this needs a proper fix Nicolas Saenz Julienne (2): stdio: Introduce stdio_valid() console: Don't start/stop console if stdio device invalid common/console.c | 9 +++++++++ common/stdio.c | 11 +++++++++++ include/stdio_dev.h | 11 +++++++++++ 3 files changed, 31 insertions(+) -- 2.30.0
