leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bd729f9d67
linux/drivers/usb/core
History
Alan Stern bd729f9d67 USB: fix error handling in usb_driver_claim_interface() 
The syzbot fuzzing project found a use-after-free bug in the USB
core.  The bug was caused by usbfs not unbinding from an interface
when the USB device file was closed, which led another process to
attempt the unbind later on, after the private data structure had been
deallocated.

The reason usbfs did not unbind the interface at the appropriate time
was because it thought the interface had never been claimed in the
first place.  This was caused by the fact that
usb_driver_claim_interface() does not clean up properly when
device_bind_driver() returns an error.  Although the error code gets
passed back to the caller, the iface->dev.driver pointer remains set
and iface->condition remains equal to USB_INTERFACE_BOUND.

This patch adds proper error handling to usb_driver_claim_interface().

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: syzbot+f84aa7209ccec829536f@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-20 12:49:12 +02:00
..
buffer.c USB: core: move existing SPDX tags to top of the file 2017-11-03 10:12:26 +01:00
config.c USB: Accept bulk endpoints with 1024-byte maxpacket 2018-05-03 10:16:38 -07:00
devices.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
devio.c USB: usbdevfs: restore warning for nonsensical flags 2018-09-20 12:48:39 +02:00
driver.c USB: fix error handling in usb_driver_claim_interface() 2018-09-20 12:49:12 +02:00
endpoint.c USB: core: move existing SPDX tags to top of the file 2017-11-03 10:12:26 +01:00
file.c USB: core: move existing SPDX tags to top of the file 2017-11-03 10:12:26 +01:00
generic.c USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw 2018-03-23 14:11:54 +01:00
hcd-pci.c usb: Don't die twice if PCI xhci host is not responding in resume 2018-09-05 14:36:53 +02:00
hcd.c Merge 4.17-rc3 into usb-next 2018-04-30 04:58:51 -07:00
hub.c Merge 4.18-rc7 into usb-next 2018-07-30 10:04:58 +02:00
hub.h usb: hub: Per-port setting to use old enumeration scheme 2018-05-31 12:48:17 +02:00
Kconfig docs-rst: fix usb cross-references 2017-04-11 14:41:29 -06:00
ledtrig-usbport.c usb: simplify usbport trigger 2018-07-05 23:21:15 +02:00
Makefile usb: core: add a wrapper for the USB PHYs on the HCD 2018-03-09 09:43:53 -08:00
message.c usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() 2018-09-05 14:36:53 +02:00
notify.c USB: core: move existing SPDX tags to top of the file 2017-11-03 10:12:26 +01:00
of.c usb: Change usb_of_get_companion_dev() place to usb/common 2018-09-10 20:40:29 +02:00
otg_whitelist.h USB: core: Remove redundant license text 2017-11-04 11:55:39 +01:00
phy.c usb: core: phy: make it a no-op if CONFIG_GENERIC_PHY is disabled 2018-04-22 15:01:30 +02:00
phy.h usb: core: phy: add the SPDX-License-Identifier and include guard 2018-04-23 09:41:32 +02:00
port.c usb: hub: Per-port setting to use old enumeration scheme 2018-05-31 12:48:17 +02:00
quirks.c USB: Add quirk to support DJI CineSSD 2018-09-05 13:27:07 +02:00
sysfs.c USB: USB 3.2 Add sysfs entries for a usb device rx_lanes and tx_lanes 2018-04-22 16:19:26 +02:00
urb.c usb: core: urb: Check SSP isoc ep comp descriptor 2018-03-20 10:13:30 +01:00
usb-acpi.c usb: clarify ACPI spec version and section number for _UPC & _PLD 2018-03-09 09:37:10 -08:00
usb.c USB: core: no need to check return value of debugfs_create functions 2018-05-31 12:54:22 +02:00
usb.h usb: core: Add "quirks" parameter for usbcore 2018-03-20 10:16:09 +01:00