From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19449C5519F for ; Thu, 12 Nov 2020 17:04:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AD7A521D91 for ; Thu, 12 Nov 2020 17:04:58 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="BHYu2GVH" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726113AbgKLRE5 (ORCPT ); Thu, 12 Nov 2020 12:04:57 -0500 Received: from mail.kernel.org ([198.145.29.99]:44456 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725903AbgKLRE4 (ORCPT ); Thu, 12 Nov 2020 12:04:56 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7C58621D7F; Thu, 12 Nov 2020 17:04:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1605200696; bh=qEGu5uST4byz8XuJRMjnqZZkRabdlL6gGWmFkpschCo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=BHYu2GVHYY7GTOmz8a4uXpdurzwymiO5oR5TaJepK0yXP8/vAgy/bZnVJSJMKOndk rjlSioJxLgU6QdTh9CkDQqtecBYOJRLhVdj2NXpDoA33ovt17OdZeF9+SJXWOj7mX9 07jQPCTDECz06JDYesZpuDDdi/vLAakx5/Mbbpxo= Date: Thu, 12 Nov 2020 18:05:53 +0100 From: Greg Kroah-Hartman To: John Boero Cc: Felipe Balbi , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] usb: core: Null deref in kernel with USB webcams. Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 12, 2020 at 03:52:02PM +0000, John Boero wrote: > >From 54f9886454e9a28e8d943c1cef15df9c11555df7 Mon Sep 17 00:00:00 2001 > From: JohnnyB Why all this header here? And the from: line doesn't match your Signed-off-by: line :( > Date: Thu, 12 Nov 2020 15:28:29 +0000 > Subject: [PATCH] usb: core: Null deref in kernel with USB webcams. > > Fixes: Ubuntu Launchpad bug 1827452 > > This is my first attempt at a kernel contribution so sorry if sloppy. No need to put this in the changelog text and have it be in the kernel for foever :) > > There is some kind of race condition affecting Logitech > webcams that crash USB with a null dereference. > Affects raspberry pi devices as well as x86. > No check on dev before dereference. > Simple fix for issue experienced for months in > both x86 and arm/rpi environments. > > Signed-off-by: John Boero > > --- > drivers/usb/core/usb.c | 6 +----- > 1 file changed, 1 insertion(+), 5 deletions(-) > > diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c > index d8756ffe513a..9b4ac4415f1a 100644 > --- a/drivers/usb/core/usb.c > +++ b/drivers/usb/core/usb.c > @@ -272,13 +272,9 @@ EXPORT_SYMBOL_GPL(usb_find_alt_setting); > struct usb_interface *usb_ifnum_to_if(const struct usb_device *dev, > unsigned ifnum) > { > - struct usb_host_config *config = NULL; > + struct usb_host_config *config = dev->actconfig; > int i; > > - if (!dev) > - return NULL; > - > - config = dev->actconfig; > if (!config) > return NULL; > for (i = 0; i < config->desc.bNumInterfaces; i++) This patch is corrupted and can not be applied, but also, it looks backwards, right? And how about we find the race condition and fix that instead of trying to paper over it here? thanks, greg k-h