Hi Johannes,
On 4/27/07, Johannes Berg <[EMAIL PROTECTED]> wrote:
> Obviously there's a use-after-free condition, but I can't really make
> out where it is. The disassembly seems to point to
>     list_for_each_entry(list, &evdev->list, node)
>         kill_fasync(&list->fasync, SIGIO, POLL_HUP);
> in evdev_disconnect.
> Has somebody seen this before? It seems to happen only if userspace has
> the device open or so.

Please try -mm, it should be fixed there. As a temporary workaround
you can also swap list_for_each() and wake_up_interruptible() in
evdev_disconnect().
--
Dmitry