On Wed, 15 Jan 2020, Dan Carpenter wrote:

> Syzbot reports that "hiddev" is used after it's free in hiddev_disconnect().
> The hiddev_disconnect() function sets "hiddev->exist = 0;" so
> hiddev_release() can free it as soon as we drop the "existancelock"
> lock. This patch moves the mutex_unlock(&hiddev->existancelock) until
> after we have finished using it.
>
> Reported-by: syzbot+784ccb935f9900cc7c9e@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 7f77897ef2b6 ("HID: hiddev: fix potential use-after-free")
> Suggested-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Applied to for-5.6/upstream-fixes. Thanks,

--
Jiri Kosina
SUSE Labs
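The lock ordering described in the quoted commit message, as an added single-threaded userspace model in C (not the kernel code and not part of the original thread). A `freed` flag stands in for the real free so late accesses can be counted; the struct layout, the `open` counter and all function names are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: only "exist" and "existancelock" are names from the thread. */
struct model_dev {
    bool existancelock; /* true while held; stands in for the mutex */
    bool exist;
    int open;           /* assumed count of open file handles */
    bool freed;         /* set where the real code would free the object */
    int late_uses;      /* accesses made after freed was set */
};

/* Close path: returns false if it would block on the lock. */
static bool model_release(struct model_dev *d)
{
    if (d->existancelock)
        return false;
    d->existancelock = true;
    bool last = (--d->open == 0 && !d->exist);
    d->existancelock = false;
    if (last)
        d->freed = true;           /* last closer of a gone device frees it */
    return true;
}

/* Disconnect path with a closer racing in at the worst moment. */
static int model_disconnect(bool unlock_early)
{
    struct model_dev d = { .exist = true, .open = 1 };
    bool closed;

    d.existancelock = true;
    d.exist = false;
    if (unlock_early)
        d.existancelock = false;   /* ordering before the patch */
    closed = model_release(&d);    /* concurrent close() tries to run here */
    if (d.freed)
        d.late_uses++;             /* disconnect still touches the object */
    if (!unlock_early)
        d.existancelock = false;   /* patched ordering: unlock after last use */
    if (!closed)
        model_release(&d);         /* the blocked closer proceeds and frees */
    return d.freed ? d.late_uses : -1;
}

int main(void)
{
    printf("unlock before last use: %d late use(s)\n", model_disconnect(true));
    printf("unlock after last use:  %d late use(s)\n", model_disconnect(false));
    return 0;
}
```

In both runs the object ends up freed; only the early-unlock ordering lets the free land before the disconnect path's last access.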