lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4964AD64.6040003@googlemail.com>
Date:	Wed, 07 Jan 2009 14:25:56 +0100
From:	Gabriel C <nix.or.die@...glemail.com>
To:	Jiri Kosina <jkosina@...e.cz>
CC:	Oliver Neukum <oliver@...kum.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [GIT] HID updates for 2.6.29

Jiri Kosina wrote:

> On Wed, 7 Jan 2009, Oliver Neukum wrote:
> 
>>> --- a/drivers/hid/usbhid/hiddev.c
>>> +++ b/drivers/hid/usbhid/hiddev.c
>>> @@ -885,6 +885,7 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
>>>  	} else {
>>>  		hid->minor = usbhid->intf->minor;
>>>  		hiddev_table[usbhid->intf->minor - HIDDEV_MINOR_BASE] = hiddev;
>>> +		hid->hiddev = hiddev;
>> It seems to me that this is still a race condition. What prevents open()
>> from being called before this is set?
> 
> Right, there indeed is a tiny race window. Gabriel, could you please 
> verify with the patch below instead? Thanks.


Your patch fixed the panic for me.

Feel free to add my Tested-by: if needed.

> 
> 
> From: Jiri Kosina <jkosina@...e.cz>
> Subject: [PATCH] HID: fix hid->hiddev initialization in hiddev_connect()
> 
> Commit 079034073fa ("HID: hiddev cleanup -- handle all error conditions
> properly") by mistake removed proper initialization of hid->hiddev pointer
> in hiddev_connect() in case usb_register_dev() succeeds for the hiddev node.
> Put it properly back in place.
> 
> Reported-by: Gabriel C <nix.or.die@...glemail.com>
> Signed-off-by: Jiri Kosina <jkosina@...e.cz>
> ---
>  drivers/hid/usbhid/hiddev.c |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
> index 6a98f9f..d73eea3 100644
> --- a/drivers/hid/usbhid/hiddev.c
> +++ b/drivers/hid/usbhid/hiddev.c
> @@ -874,12 +874,14 @@ int hiddev_connect(struct hid_device *hid, unsigned int force)
>  	INIT_LIST_HEAD(&hiddev->list);
>  	spin_lock_init(&hiddev->list_lock);
>  	mutex_init(&hiddev->existancelock);
> +	hid->hiddev = hiddev;
>  	hiddev->hid = hid;
>  	hiddev->exist = 1;
>  
>  	retval = usb_register_dev(usbhid->intf, &hiddev_class);
>  	if (retval) {
>  		err_hid("Not able to get a minor for this device.");
> +		hid->hiddev = NULL;
>  		kfree(hiddev);
>  		return -1;
>  	} else {


Regards,

Gabriel C
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ