lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 27 Jan 2024 17:29:43 -0800
From: Greg KH <gregkh@...uxfoundation.org>
To: Jiri Slaby <jirislaby@...nel.org>
Cc: Kuen-Han Tsai <khtsai@...gle.com>, quic_prashk@...cinc.com,
	stern@...land.harvard.edu, linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: u_serial: Add null pointer checks after
 RX/TX submission

On Thu, Jan 18, 2024 at 10:27:54AM +0100, Jiri Slaby wrote:
> On 16. 01. 24, 15:16, Kuen-Han Tsai wrote:
> > Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in
> > gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't
> > fully fix the potential null pointer dereference issue. While
> > gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx()
> > and gs_start_tx() release the lock during endpoint request submission.
> > This creates a window where gs_close() could set port->port_tty to NULL,
> > leading to a dereference when the lock is reacquired.
> > 
> > This patch adds a null pointer check for port->port_tty after RX/TX
> > submission, and removes the initial null pointer check in gs_start_io()
> > since the caller must hold port_lock and guarantee non-null values for
> > port_usb and port_tty.
> 
> Or you switch to tty_port refcounting and need not fiddling with this at all
> ;).

I agree, Kuen-Han, why not do that instead?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ