lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110215164614.GA18862@core.coreip.homeip.net>
Date:	Tue, 15 Feb 2011 08:46:14 -0800
From:	Dmitry Torokhov <dmitry.torokhov@...il.com>
To:	Benjamin Tissoires <benjamin.tissoires@...c.fr>
Cc:	Jiri Kosina <jkosina@...e.cz>,
	Stephane Chatty <chatty@...-enac.fr>,
	linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] hidinput: kernel oops in out_cleanup in function
 hidinput_connect

On Tue, Feb 15, 2011 at 03:41:10PM +0100, Benjamin Tissoires wrote:
> Goto out_cleanup infers a kernel oops: hidinput_disconnect calls
> input_unregister_driver to all members of hid->inputs.
> However, hidinput already has been added to hid->inputs even
> though input_register_device was not called.
> 
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@...c.fr>

Yep, well spotted.

Reviewed-by: Dmitry Torokhov <dtor@...l.ru>

> ---
> Hi,
> 
> while playing with hidinput_connect, I found this bug.
> 
> Cheers,
> Benjamin
> 
>  drivers/hid/hid-input.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
> index 7f552bf..f53911d 100644
> --- a/drivers/hid/hid-input.c
> +++ b/drivers/hid/hid-input.c
> @@ -928,6 +928,7 @@ int hidinput_connect(struct hid_device *hid, unsigned int force)
>  	return 0;
>  
>  out_cleanup:
> +	list_del(&hidinput->list);
>  	input_free_device(hidinput->input);
>  	kfree(hidinput);
>  out_unwind:
> -- 
> 1.7.4
> 

-- 
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ