Re: [PATCH RESEND -next] Input: uinput - Avoid Use-After-Free with udev lock

Please don't consider this patch, i will send v2 of this. Thanks, Mukesh On 3/28/2019 3:55 PM, Mukesh Ojha wrote: uinput_destroy_device() gets called from two places. In one place, uinput_ioctl_handler() it is protected under a lock udev->mutex but same is not true for other place inside uinpu

[PATCH RESEND -next] Input: uinput - Avoid Use-After-Free with udev lock

uinput_destroy_device() gets called from two places. In one place, uinput_ioctl_handler() it is protected under a lock udev->mutex but same is not true for other place inside uinput_release(). This can result in a race where udev device gets freed while it is in use. [ 160.093398] Call trace: [