Linux Input/HID development
 help / color / mirror / Atom feed
* [PATCH v2 0/2] HID: sensor: custom: Fix fields lifetime issues
@ 2026-07-02  9:48 Haoxiang Li
  2026-07-02  9:48 ` [PATCH v2 1/2] HID: sensor: custom: Remove enable_sensor before freeing fields Haoxiang Li
  2026-07-02  9:48 ` [PATCH v2 2/2] HID: sensor: custom: Fix field sysfs group cleanup on failure Haoxiang Li
  0 siblings, 2 replies; 7+ messages in thread
From: Haoxiang Li @ 2026-07-02  9:48 UTC (permalink / raw)
  To: jikos, jic23, srinivas.pandruvada, bentiss
  Cc: linux-input, linux-iio, linux-kernel, Haoxiang Li

Hi,

This series fixes lifetime issues around sensor_inst->fields and the
sysfs attributes that can access it.

The first patch fixes the remove path by removing enable_sensor before
freeing the field attributes. enable_sensor_store() can dereference
power_state and report_state, which point into sensor_inst->fields.

The second patch fixes the original field sysfs group leak on probe
failure. It creates the field attributes before exposing enable_sensor,
then unwinds any field groups that were created before a later
sysfs_create_group() failure.

Thanks, Jiri, for the review and for pointing out the UAF concern.

Changes in v2:
- Split the fix into two patches.
- Fix the pre-existing remove path ordering issue.
- Create field attributes before exposing enable_sensor.
- Unwind already-created field sysfs groups on failure.

Haoxiang Li (2):
  HID: sensor: custom: Remove enable_sensor before freeing fields
  HID: sensor: custom: Fix field sysfs group cleanup on failure

 drivers/hid/hid-sensor-custom.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)


base-commit: ef0c9f75a19532d7675384708fc8621e10850104
-- 
2.25.1


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2026-07-02 18:55 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-02  9:48 [PATCH v2 0/2] HID: sensor: custom: Fix fields lifetime issues Haoxiang Li
2026-07-02  9:48 ` [PATCH v2 1/2] HID: sensor: custom: Remove enable_sensor before freeing fields Haoxiang Li
2026-07-02 10:05   ` sashiko-bot
2026-07-02 18:53   ` Jonathan Cameron
2026-07-02  9:48 ` [PATCH v2 2/2] HID: sensor: custom: Fix field sysfs group cleanup on failure Haoxiang Li
2026-07-02 10:16   ` sashiko-bot
2026-07-02 18:55   ` Jonathan Cameron

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox