lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4d0652cd-e3ca-4319-b012-142a110efe15@gmail.com>
Date:   Thu, 7 Apr 2022 09:55:23 +0800
From:   Hangyu Hua <hbh25y@...il.com>
To:     Oliver Neukum <oneukum@...e.com>, gregkh@...uxfoundation.org,
        mudongliangabcd@...il.com
Cc:     linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: misc: fix improper handling of refcount in
 uss720_probe()

Oh, i sorry. Thank you for your reminder. I will remake a patch carefully.

On 2022/4/6 19:47, Oliver Neukum wrote:
> 
> 
> On 06.04.22 09:33, Hangyu Hua wrote:
>> usb_put_dev shouldn't be called when uss720_probe succeeds because of
>> priv->usbdev. At the same time, priv->usbdev shouldn't be set to NULL
>> before destroy_priv in uss720_disconnect because usb_put_dev is in
>> destroy_priv.
> 
> Hi,
> 
> I am sorry, but that's a clear NACK.
>> @@ -754,13 +753,13 @@ static void uss720_disconnect(struct usb_interface *intf)
>>   	usb_set_intfdata(intf, NULL);
>>   	if (pp) {
>>   		priv = pp->private_data;
>> -		priv->usbdev = NULL;
>>   		priv->pp = NULL;
>>   		dev_dbg(&intf->dev, "parport_remove_port\n");
>>   		parport_remove_port(pp);
>>   		parport_put_port(pp);
>>   		kill_all_async_requests_priv(priv);
>>   		kref_put(&priv->ref_count, destroy_priv);
>> +		priv->usbdev = NULL;
> 
> That is a clear use after free The patch is no good in this state..
> 
>      HTH
>          Oliver
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ