linux-kernel.vger.kernel.org archive mirror
From: Jiri Kosina <jikos@kernel.org>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: syzbot <syzbot+7bf5a7b0f0a1f9446f4c@syzkaller.appspotmail.com>,
	Dmitry Torokhov <dmitry.torokhov@gmail.com>,
	Julian Squires <julian@cipht.net>,
	Hans de Goede <hdegoede@redhat.com>,
	Benjamin Tissoires <benjamin.tissoires@redhat.com>,
	linux-input@vger.kernel.org, andreyknvl@google.com,
	gregkh@linuxfoundation.org, ingrassia@epigenesys.com,
	Kernel development list <linux-kernel@vger.kernel.org>,
	USB list <linux-usb@vger.kernel.org>,
	syzkaller-bugs@googlegroups.com, Ping Cheng <pingc@wacom.com>,
	pinglinux@gmail.com, killertofu@gmail.com
Subject: Re: KASAN: use-after-free Read in usbhid_close (3)
Date: Thu, 23 Apr 2020 11:59:07 +0200 (CEST)
Message-ID: <nycvar.YFH.7.76.2004231157160.19713@cbobk.fhfr.pm>
In-Reply-To: <Pine.LNX.4.44L0.2004221058240.20574-100000@netrider.rowland.org>

On Wed, 22 Apr 2020, Alan Stern wrote:

> > Jiri, you should know: Are HID drivers supposed to work okay when the
> > ->close callback is issued after (or concurrently with) the ->stop
> > callback?
> 
> No response.  

Sorry, I've been a bit swamped recently. Thanks a lot for taking care of 
this.

> I'll assume that strange callback orderings should be supported.  Let's 
> see if the patch below fixes the race in usbhid.

Unfortunately I don't believe the supportability of this is fully defined. 
I have tried to quickly go over the few major drivers and didn't find 
anything relying on various orderings, but I might have easily missed some 
case.

So unless we have a programmatic way to check it, the patch you created for 
mutual exclusion is a good bandaid I believe.

Thanks again Alan, I'll push it to Linus for 5.7.

-- 
Jiri Kosina
SUSE Labs

