| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <nycvar.YFH.7.76.2004231157160.19713@cbobk.fhfr.pm>
Date: Thu, 23 Apr 2020 11:59:07 +0200 (CEST)
From: Jiri Kosina <jikos@...nel.org>
To: Alan Stern <stern@...land.harvard.edu>
cc: syzbot <syzbot+7bf5a7b0f0a1f9446f4c@...kaller.appspotmail.com>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
Julian Squires <julian@...ht.net>,
Hans de Goede <hdegoede@...hat.com>,
Benjamin Tissoires <benjamin.tissoires@...hat.com>,
linux-input@...r.kernel.org, andreyknvl@...gle.com,
gregkh@...uxfoundation.org, ingrassia@...genesys.com,
Kernel development list <linux-kernel@...r.kernel.org>,
USB list <linux-usb@...r.kernel.org>,
syzkaller-bugs@...glegroups.com, Ping Cheng <pingc@...om.com>,
pinglinux@...il.com, killertofu@...il.com
Subject: Re: KASAN: use-after-free Read in usbhid_close (3)
On Wed, 22 Apr 2020, Alan Stern wrote:
> > Jiri, you should know: Are HID drivers supposed to work okay when the
> > ->close callback is issued after (or concurrently with) the ->stop
> > callback?
>
> No response.
Sorry, I've been a bit swamped recently. Thanks a lot for taking care of
this.
> I'll assume that strange callback orderings should be supported. Let's
> see if the patch below fixes the race in usbhid.
Unfortunately I don't believe the supportability of this is fully defined.
I have tried to quickly go over the few major drivers and didn't find
anything relying various orderings, but I might have easily missed some
case.
So unless we have a programatic way to check it, the patch you created for
mutual exclusion is a good bandaid I believe.
Thanks again Alan, I'll push it to Linus for 5.7.
--
Jiri Kosina
SUSE Labs
Powered by blists - more mailing lists