lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 10 Feb 2012 14:33:50 -0800
From:	Greg KH <gregkh@...uxfoundation.org>
To:	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc:	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	alan@...rguk.ukuu.org.uk, Jakub Schmidtke <sjakub@...il.com>,
	Pekka Paalanen <pq@....fi>
Subject: [patch 46/55] Staging: asus_oled: fix NULL-ptr crash on unloading

3.0-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Pekka Paalanen <pq@....fi>

commit 3589e74595a4332ebf77b5ed006f3c6686071ecd upstream.

Asus_oled triggers the following bug on module unloading:

 usbcore: deregistering interface driver asus-oled
 BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
 IP: [<ffffffff8111292b>] sysfs_delete_link+0x30/0x66

 Call Trace:
  [<ffffffff81225373>] device_remove_class_symlinks+0x6b/0x70
  [<ffffffff812256a8>] device_del+0x9f/0x1ab
  [<ffffffff812257c5>] device_unregister+0x11/0x1e
  [<ffffffffa000cb82>] asus_oled_disconnect+0x4f/0x9e [asus_oled]
  [<ffffffff81277430>] usb_unbind_interface+0x54/0x103
  [<ffffffff812276c4>] __device_release_driver+0xa2/0xeb
  [<ffffffff81227794>] driver_detach+0x87/0xad
  [<ffffffff812269e9>] bus_remove_driver+0x91/0xc1
  [<ffffffff81227fb4>] driver_unregister+0x66/0x6e
  [<ffffffff812771ed>] usb_deregister+0xbb/0xc4
  [<ffffffffa000ce87>] asus_oled_exit+0x2f/0x31 [asus_oled]
  [<ffffffff81068365>] sys_delete_module+0x1b8/0x21b
  [<ffffffff810ae3de>] ? do_munmap+0x2ef/0x313
  [<ffffffff813699bb>] system_call_fastpath+0x16/0x1b

This is due to an incorrect destruction sequence in asus_oled_exit().

Fix the order, fixes the bug. Tested on an Asus G50V laptop only.

Cc: Jakub Schmidtke <sjakub@...il.com>
Signed-off-by: Pekka Paalanen <pq@....fi>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

---
 drivers/staging/asus_oled/asus_oled.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/staging/asus_oled/asus_oled.c
+++ b/drivers/staging/asus_oled/asus_oled.c
@@ -811,10 +811,9 @@ error:
 
 static void __exit asus_oled_exit(void)
 {
+	usb_deregister(&oled_driver);
 	class_remove_file(oled_class, &class_attr_version.attr);
 	class_destroy(oled_class);
-
-	usb_deregister(&oled_driver);
 }
 
 module_init(asus_oled_init);


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists