Message-Id: <20240929-fixes9p-v1-1-40000d94d836@pengutronix.de>
Date: Sun, 29 Sep 2024 21:22:55 +0200
From: Michael Grzeschik <m.grzeschik@...gutronix.de>
To: Eric Van Hensbergen <ericvh@...nel.org>, 
 Latchesar Ionkov <lucho@...kov.net>, 
 Dominique Martinet <asmadeus@...ewreck.org>, 
 Christian Schoenebeck <linux_oss@...debyte.com>
Cc: v9fs@...ts.linux.dev, linux-kernel@...r.kernel.org, 
 kernel@...gutronix.de, Michael Grzeschik <m.grzeschik@...gutronix.de>
Subject: [PATCH] net/9p/usbg: dont call usb9pfs_clear_tx if client is not
 connected

When the client is not Connected it is not valid to call
usb9pfs_clear_tx since the endpoints are not even allocated. By running
into p9_usbg_close in that case we would dereference the in_req which is
NULL when the client->status is Disconnected. Fix that by leaving
usb9pfs_clear_tx immediately if the state is wrong.

We also update the client->status after the call to usb9pfs_clear_tx to
check for the actual state when running from p9_usbg_close.

Signed-off-by: Michael Grzeschik <m.grzeschik@...gutronix.de>
---
 net/9p/trans_usbg.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c
index 975b76839dca1..64a5209943dbc 100644
--- a/net/9p/trans_usbg.c
+++ b/net/9p/trans_usbg.c
@@ -417,6 +417,10 @@ static void usb9pfs_clear_tx(struct f_usb9pfs *usb9pfs)
 {
 	struct p9_req_t *req;
 
+	/* we are not allocated - return */
+	if (usb9pfs->client->status != Connected)
+		return;
+
 	guard(spinlock_irqsave)(&usb9pfs->lock);
 
 	req = usb9pfs->in_req->context;
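
Review bot: the new `client->status != Connected` test in usb9pfs_clear_tx sits above `guard(spinlock_irqsave)(&usb9pfs->lock)`, so the status is read without the lock that protects the following `usb9pfs->in_req->context` dereference, and it only stands in for the condition that actually matters, which per the commit message is in_req being NULL. Consider moving the check below the guard, or testing `usb9pfs->in_req` directly under the lock, so the guard does not depend on every path keeping client->status in step with endpoint allocation. The comment "we are not allocated" would also be clearer if it named what is unallocated (the endpoints and in_req), and `usb9pfs->client` is itself dereferenced here without a check, so it is worth confirming it is always set when this function can be reached.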
@@ -442,10 +446,10 @@ static void p9_usbg_close(struct p9_client *client)
 	if (!usb9pfs)
 		return;
 
-	client->status = Disconnected;
-
 	usb9pfs_clear_tx(usb9pfs);
 
+	client->status = Disconnected;
+
 	opts = container_of(usb9pfs->function.fi,
 			    struct f_usb9pfs_opts, func_inst);
 

---
base-commit: 68d4209158f43a558c5553ea95ab0c8975eab18c
change-id: 20240929-fixes9p-5d618bbe6d6b

Best regards,
-- 
Michael Grzeschik <m.grzeschik@...gutronix.de>

