From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: John Boero <boeroboy@gmail.com>
Cc: Felipe Balbi <balbi@kernel.org>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] usb: core: Null deref in kernel with USB webcams.
Date: Thu, 12 Nov 2020 18:05:53 +0100
Message-ID: <X61rce8GANHW1ysh@kroah.com>
In-Reply-To: <CAO5W59jOWuRKizngF8vv9jb-zr_HnLC2eNxKqi3AYwg8KLwKoA@mail.gmail.com>
On Thu, Nov 12, 2020 at 03:52:02PM +0000, John Boero wrote:
> >From 54f9886454e9a28e8d943c1cef15df9c11555df7 Mon Sep 17 00:00:00 2001
> From: JohnnyB <jboero@users.noreply.github.com>
Why all this header here?

And the from: line doesn't match your Signed-off-by: line :(
> Date: Thu, 12 Nov 2020 15:28:29 +0000
> Subject: [PATCH] usb: core: Null deref in kernel with USB webcams.
>
> Fixes: Ubuntu Launchpad bug 1827452
>
> This is my first attempt at a kernel contribution so sorry if sloppy.
No need to put this in the changelog text and have it be in the kernel
forever :)
>
> There is some kind of race condition affecting Logitech
> webcams that crash USB with a null dereference.
> Affects raspberry pi devices as well as x86.
> No check on dev before dereference.
> Simple fix for issue experienced for months in
> both x86 and arm/rpi environments.
>
> Signed-off-by: John Boero <boeroboy@gmail.com>
>
> ---
> drivers/usb/core/usb.c | 6 +-----
> 1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
> index d8756ffe513a..9b4ac4415f1a 100644
> --- a/drivers/usb/core/usb.c
> +++ b/drivers/usb/core/usb.c
> @@ -272,13 +272,9 @@ EXPORT_SYMBOL_GPL(usb_find_alt_setting);
> struct usb_interface *usb_ifnum_to_if(const struct usb_device *dev,
> unsigned ifnum)
> {
> - struct usb_host_config *config = NULL;
> + struct usb_host_config *config = dev->actconfig;
> int i;
>
> - if (!dev)
> - return NULL;
> -
> - config = dev->actconfig;
> if (!config)
> return NULL;
> for (i = 0; i < config->desc.bNumInterfaces; i++)
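Review bot: in usb_ifnum_to_if() the lines on the `-` side are the `if (!dev) return NULL;` guard, and the added initializer `struct usb_host_config *config = dev->actconfig;` dereferences dev at declaration with no check, which is the opposite of what the changelog describes ("No check on dev before dereference"). The diff appears to have been generated in the wrong direction (the 1 insertion / 5 deletions in the diffstat is consistent with that); regenerate it so the guard is on the `+` side and `config = dev->actconfig;` is only reached after it. The changelog also attributes the crash to a race, and a NULL test at function entry does not add any synchronization, so the changelog should say what sets dev to NULL and why checking here is sufficient.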
This patch is corrupted and can not be applied, but also, it looks
backwards, right?

And how about we find the race condition and fix that instead of trying
to paper over it here?

thanks,

greg k-h