This is a note to let you know that I've just added the patch titled
USB: usbtmc: fix probe error path
to the 4.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
usb-usbtmc-fix-probe-error-path.patch
and it can be found in the queue-4.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 2e47c53503eb9faff42b3cfa144a833344dd1f89 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@xxxxxxxxxx>
Date: Tue, 14 Mar 2017 17:55:46 +0100
Subject: USB: usbtmc: fix probe error path
From: Johan Hovold <johan@xxxxxxxxxx>
commit 2e47c53503eb9faff42b3cfa144a833344dd1f89 upstream.
Make sure to initialise the return value to avoid having allocation
failures going unnoticed when allocating interrupt-endpoint resources.
This prevents use-after-free or worse when the device is later unbound.
Fixes: dbf3e7f654c0 ("Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation.")
Cc: Dave Penkler <dpenkler@xxxxxxxxx>
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/usb/class/usbtmc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/usb/class/usbtmc.c
+++ b/drivers/usb/class/usbtmc.c
@@ -1476,8 +1476,10 @@ static int usbtmc_probe(struct usb_inter
if (data->iin_ep_present) {
/* allocate int urb */
data->iin_urb = usb_alloc_urb(0, GFP_KERNEL);
- if (!data->iin_urb)
+ if (!data->iin_urb) {
+ retcode = -ENOMEM;
goto error_register;
+ }
/* Protect interrupt in endpoint data until iin_urb is freed */
kref_get(&data->kref);
@@ -1485,8 +1487,10 @@ static int usbtmc_probe(struct usb_inter
/* allocate buffer for interrupt in */
data->iin_buffer = kmalloc(data->iin_wMaxPacketSize,
GFP_KERNEL);
- if (!data->iin_buffer)
+ if (!data->iin_buffer) {
+ retcode = -ENOMEM;
goto error_register;
+ }
/* fill interrupt urb */
usb_fill_int_urb(data->iin_urb, data->usb_dev,
Patches currently in stable-queue which might be from johan@xxxxxxxxxx are
queue-4.10/usb-serial-option-add-quectel-uc15-uc20-ec21-and-ec25-modems.patch
queue-4.10/input-ims-pcu-validate-number-of-endpoints-before-using-them.patch
queue-4.10/usb-usbtmc-add-missing-endpoint-sanity-check.patch
queue-4.10/input-cm109-validate-number-of-endpoints-before-using-them.patch
queue-4.10/input-iforce-validate-number-of-endpoints-before-using-them.patch
queue-4.10/mmc-ushc-fix-null-deref-at-probe.patch
queue-4.10/input-kbtab-validate-number-of-endpoints-before-using-them.patch
queue-4.10/usb-usbtmc-fix-probe-error-path.patch
queue-4.10/input-sur40-validate-number-of-endpoints-before-using-them.patch
queue-4.10/uwb-i1480-dfu-fix-null-deref-at-probe.patch
queue-4.10/input-hanwang-validate-number-of-endpoints-before-using-them.patch
queue-4.10/usb-idmouse-fix-null-deref-at-probe.patch
queue-4.10/uwb-hwa-rc-fix-null-deref-at-probe.patch
queue-4.10/usb-lvtest-fix-null-deref-at-probe.patch
queue-4.10/input-yealink-validate-number-of-endpoints-before-using-them.patch
queue-4.10/usb-serial-qcserial-add-dell-dw5811e.patch
queue-4.10/usb-uss720-fix-null-deref-at-probe.patch
queue-4.10/usb-wusbcore-fix-null-deref-at-probe.patch