Re: [PATCH] hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device

From: Jiri Kosina
Date: Mon Apr 09 2018 - 03:30:55 EST

Next message: Aaron Ma: "Re: [PATCH 2/2] HID: i2c-hid: Fix resume issue on Raydium touchscreen device"
Previous message: Jiri Kosina: "Re: [PATCH 2/2] HID: i2c-hid: Fix resume issue on Raydium touchscreen device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 6 Apr 2018, Rodrigo Rivas Costa wrote:

> Doing `ioctl(HIDIOCGFEATURE)` in a tight loop on a hidraw device
> and then disconnecting the device, or unloading the driver, can
> cause a NULL pointer dereference.
>
> When a hidraw device is destroyed it sets 0 to `dev->exist`.
> Most functions check 'dev->exist' before doing its work, but
> `hidraw_get_report()` was missing that check.
>
> Signed-off-by: Rodrigo Rivas Costa <rodrigorivascosta@xxxxxxxxx>

Applied, thank you.

--
Jiri Kosina
SUSE Labs

Next message: Aaron Ma: "Re: [PATCH 2/2] HID: i2c-hid: Fix resume issue on Raydium touchscreen device"
Previous message: Jiri Kosina: "Re: [PATCH 2/2] HID: i2c-hid: Fix resume issue on Raydium touchscreen device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]