Re: [PATCH 5.15 481/731] usb: gadget: f_hid: fix f_hidg lifetime vs cdev

On Thu, 05 Jan 2023, Greg Kroah-Hartman wrote:

> On Thu, Jan 05, 2023 at 12:18:18PM +0000, Lee Jones wrote:
> > On Wed, 28 Dec 2022, Greg Kroah-Hartman wrote:
> > 
> > > From: John Keeping <john@xxxxxxxxxxxx>
> > > 
> > > [ Upstream commit 89ff3dfac604614287ad5aad9370c3f984ea3f4b ]
> > > 
> > > The embedded struct cdev does not have its lifetime correctly tied to
> > > the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN
> > > is held open while the gadget is deleted.
> > > 
> > > This can readily be replicated with libusbgx's example programs (for
> > > conciseness - operating directly via configfs is equivalent):
> > > 
> > > 	gadget-hid
> > > 	exec 3<> /dev/hidg0
> > > 	gadget-vid-pid-remove
> > > 	exec 3<&-
> > > 
> > > Pull the existing device up in to struct f_hidg and make use of the
> > > cdev_device_{add,del}() helpers.  This changes the lifetime of the
> > > device object to match struct f_hidg, but note that it is still added
> > > and deleted at the same time.
> > > 
> > > Fixes: 71adf1189469 ("USB: gadget: add HID gadget driver")
> > > Tested-by: Lee Jones <lee@xxxxxxxxxx>
> > > Reviewed-by: Andrzej Pietrasiewicz <andrzej.p@xxxxxxxxxxxxx>
> > > Reviewed-by: Lee Jones <lee@xxxxxxxxxx>
> > > Signed-off-by: John Keeping <john@xxxxxxxxxxxx>
> > > Link: https://lore.kernel.org/r/20221122123523.3068034-2-john@xxxxxxxxxxxx
> > > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> > > ---
> > >  drivers/usb/gadget/function/f_hid.c | 52 ++++++++++++++++-------------
> > >  1 file changed, 28 insertions(+), 24 deletions(-)
> >  
> > Dear Stable,
> > 
> > Would you be kind enough to take this back as far back as linux.4.14.y
> > please?  There is a trivial fix-up required for kernels older than
> > v5.15, but it's the same fix-up back through v4.14.
> 
> This is already in the queue for 5.10, 5.4, and 4.19, but for some
> reason not in 4.14.  Can you verify that the 4.19 version works there
> too?

That works.  v4.19 isn't required.  Thanks.

-- 
Lee Jones [李琼斯]
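
Added example, not part of the thread or of the kernel patch: a userspace C model of the lifetime rule the quoted commit message describes, in which the enclosing object is freed only when the last reference to its embedded device is dropped, so an open file can outlive gadget deletion safely. All names (`model_device`, `model_hidg`, `model_open_across_removal`) are hypothetical, and the plain integer reference count is an assumption standing in for the kernel's device reference counting.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace model, constructed for illustration; not kernel code. */
struct model_device {
    int refcount;
    void (*release)(struct model_device *dev);
};
struct model_hidg {
    int minor;
    struct model_device dev; /* embedded: shares the lifetime of model_hidg */
};
static int freed_count; /* number of times the release callback ran */

static void model_hidg_release(struct model_device *dev)
{
    free((char *)dev - offsetof(struct model_hidg, dev)); /* container_of() equivalent */
    freed_count++;
}
static void model_get(struct model_device *d) { d->refcount++; }
static void model_put(struct model_device *d)
{
    if (--d->refcount == 0)
        d->release(d);
}

/* Open the node, delete the gadget, then close. Returns the minor read
 * after deletion, or -1 if the object was already gone at that point. */
int model_open_across_removal(int minor)
{
    struct model_hidg *h = calloc(1, sizeof(*h));
    int seen;

    if (!h)
        return -1;
    freed_count = 0;
    h->minor = minor;
    h->dev.refcount = 1;                 /* creator's reference */
    h->dev.release = model_hidg_release; /* the only place the object is freed */
    model_get(&h->dev);                  /* open: the file pins the object */
    model_put(&h->dev);                  /* gadget deleted: creator's ref dropped */
    if (freed_count != 0)
        return -1;                       /* freeing here would be the use-after-free */
    seen = h->minor;                     /* still valid while the file is open */
    model_put(&h->dev);                  /* close: last ref, release() frees */
    return seen;
}

int main(void) { return model_open_across_removal(3) == 3 ? 0 : 1; }
```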


