| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Nov 2022 14:10:29 +0100
From: Sascha Hauer <s.hauer@...gutronix.de>
To: linux-usb@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, kernel@...gutronix.de,
Sascha Hauer <s.hauer@...gutronix.de>
Subject: [PATCH 0/2] use-after-free issues in configfs
This series addresses a few problems with the users of the gether code.
The problem arises when a UDC is disconnected from a gadget created with
configfs doing a "echo '' > UDC". It seems the existing code is tested
up to the point where the gadget from configfs is up, tearing it down
still seems to make problems. I for myself am also not interested in tearing
it down, but I see use-after-free issues when doing a reboot -f.
The underlying problem is that the eth_dev returned by the gether code is used
for multiple bind/unbind cycles, but only initialized properly once.
The usb_gadget * is only valid between bind and unbind, so it is not a suitable
parent for the net_device whose lifetime spans multiple bind/unbind cycles.
I solved the issues for the f_ecm driver, similar problems exist in the other users
like f_eem or f_ncm as well. I can prepare patches for these once it's clear
that this is really the way to go.
Sascha Hauer (2):
usb: gadget: u_ether: Do not make UDC parent of the net device
usb: gadget: f_ecm: Always set current gadget in ecm_bind()
drivers/usb/gadget/function/f_ecm.c | 22 +++++++++-------------
drivers/usb/gadget/function/u_ether.c | 4 ----
2 files changed, 9 insertions(+), 17 deletions(-)
--
2.30.2
Powered by blists - more mailing lists