aboutsummaryrefslogtreecommitdiff
path: root/scripts/gdb/linux/device.py
diff options
context:
space:
mode:
authorJohn Keeping <[email protected]>2022-11-22 12:35:21 +0000
committerGreg Kroah-Hartman <[email protected]>2022-11-29 08:56:09 +0100
commit89ff3dfac604614287ad5aad9370c3f984ea3f4b (patch)
tree54885e9e5a8c10cdaa89e0838eb996d8709b4e39 /scripts/gdb/linux/device.py
parent49b42475dd8a9fddbb2f3dc17ff6e4b115c80bfb (diff)
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted. This can readily be replicated with libusbgx's example programs (for conciseness - operating directly via configfs is equivalent): gadget-hid exec 3<> /dev/hidg0 gadget-vid-pid-remove exec 3<&- Pull the existing device up in to struct f_hidg and make use of the cdev_device_{add,del}() helpers. This changes the lifetime of the device object to match struct f_hidg, but note that it is still added and deleted at the same time. Fixes: 71adf1189469 ("USB: gadget: add HID gadget driver") Tested-by: Lee Jones <[email protected]> Reviewed-by: Andrzej Pietrasiewicz <[email protected]> Reviewed-by: Lee Jones <[email protected]> Signed-off-by: John Keeping <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Diffstat (limited to 'scripts/gdb/linux/device.py')
0 files changed, 0 insertions, 0 deletions