| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 3 Dec 2022 22:31:51 +0900
From: Vincent Mailhol <mailhol.vincent@...adoo.fr>
To: Marc Kleine-Budde <mkl@...gutronix.de>, linux-can@...r.kernel.org
Cc: Wolfgang Grandegger <wg@...ndegger.com>,
"David S . Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Frank Jungclaus <frank.jungclaus@....eu>, socketcan@....eu,
Yasushi SHOJI <yashi@...cecubics.com>,
Stefan Mätje <stefan.maetje@....eu>,
Hangyu Hua <hbh25y@...il.com>,
Oliver Hartkopp <socketcan@...tkopp.net>,
Peter Fink <pfink@...ist-es.de>,
Jeroen Hofstee <jhofstee@...tronenergy.com>,
Christoph Möhring <cmoehring@...ist-es.de>,
John Whittington <git@...engineering.co.uk>,
Vasanth Sadhasivan <vasanth.sadhasivan@...sara.com>,
Jimmy Assarsson <extja@...ser.com>,
Anssi Hannula <anssi.hannula@...wise.fi>,
Pavel Skripkin <paskripkin@...il.com>,
Stephane Grosjean <s.grosjean@...k-system.com>,
Wolfram Sang <wsa+renesas@...g-engineering.com>,
"Gustavo A . R . Silva" <gustavoars@...nel.org>,
Julia Lawall <Julia.Lawall@...ia.fr>,
Dongliang Mu <dzm91@...t.edu.cn>,
Sebastian Haas <haas@...-wuensche.com>,
Maximilian Schneider <max@...neidersoft.net>,
Daniel Berglund <db@...ser.com>,
Olivier Sobrie <olivier@...rie.be>,
Remigiusz Kołłątaj
<remigiusz.kollataj@...ica.com>,
Jakob Unterwurzacher <jakob.unterwurzacher@...obroma-systems.com>,
Martin Elshuber <martin.elshuber@...obroma-systems.com>,
Philipp Tomsich <philipp.tomsich@...obroma-systems.com>,
Bernd Krumboeck <b.krumboeck@...il.com>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Alan Stern <stern@...land.harvard.edu>,
linux-usb@...r.kernel.org,
Vincent Mailhol <mailhol.vincent@...adoo.fr>
Subject: [PATCH 0/8] can: usb: remove all usb_set_intfdata(intf, NULL) in drivers' disconnect()
The core sets the usb_interface to NULL in [1]. Also setting it to
NULL in usb_driver::disconnects() is at best useless, at worse risky.
Indeed, if a driver set the usb interface to NULL before all actions
relying on the interface-data pointer complete, there is a risk of
NULL pointer dereference. Typically, this is the case if there are
outstanding urbs which have not yet completed when entering
disconnect().
If all actions are already completed, doing usb_set_intfdata(intf,
NULL) is useless because the core does it at [1].
The first seven patches fix all drivers which set their usb_interface
to NULL while outstanding URB might still exists. There is one patch
per driver in order to add the relevant "Fixes:" tag to each of them.
The last patch removes in bulk the remaining benign calls to
usb_set_intfdata(intf, NULL) in etas_es58x and peak_usb.
N.B. some other usb drivers outside of the can tree also have the same
issue, but this is out of scope of this.
[1] function usb_unbind_interface() from drivers/usb/core/driver.c
Link: https://elixir.bootlin.com/linux/v6.0/source/drivers/usb/core/driver.c#L497
Vincent Mailhol (8):
can: ems_usb: ems_usb_disconnect(): fix NULL pointer dereference
can: esd_usb: esd_usb_disconnect(): fix NULL pointer dereference
can: gs_usb: gs_usb_disconnect(): fix NULL pointer dereference
can: kvaser_usb: kvaser_usb_disconnect(): fix NULL pointer dereference
can: mcba_usb: mcba_usb_disconnect(): fix NULL pointer dereference
can: ucan: ucan_disconnect(): fix NULL pointer dereference
can: usb_8dev: usb_8dev_disconnect(): fix NULL pointer dereference
can: etas_es58x and peak_usb: remove useless call to
usb_set_intfdata()
drivers/net/can/usb/ems_usb.c | 2 --
drivers/net/can/usb/esd_usb.c | 2 --
drivers/net/can/usb/etas_es58x/es58x_core.c | 1 -
drivers/net/can/usb/gs_usb.c | 2 --
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 --
drivers/net/can/usb/mcba_usb.c | 2 --
drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 --
drivers/net/can/usb/ucan.c | 2 --
drivers/net/can/usb/usb_8dev.c | 2 --
9 files changed, 17 deletions(-)
--
2.37.4
Powered by blists - more mailing lists