From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-lf0-f51.google.com ([209.85.215.51]:45775 "EHLO
        mail-lf0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751598AbdJILKh (ORCPT
        <rfc822;stable@vger.kernel.org>); Mon, 9 Oct 2017 07:10:37 -0400
Date: Mon, 9 Oct 2017 13:10:34 +0200
From: Johan Hovold <johan@kernel.org>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: Johan Hovold <johan@kernel.org>,
        USB list <linux-usb@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        stable <stable@vger.kernel.org>
Subject: Re: [PATCH 1/2] USB: serial: console: fix use-after-free on
 disconnect
Message-ID: <20171009111034.GA3801@localhost>
References: <20171004090113.24218-1-johan@kernel.org>
 <20171004090113.24218-2-johan@kernel.org>
 <CAAeHK+zDy66VEbfH+MV9PcUiWwGoqJX+5wW3Kk5bVXF-gyzbBw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAAeHK+zDy66VEbfH+MV9PcUiWwGoqJX+5wW3Kk5bVXF-gyzbBw@mail.gmail.com>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Mon, Oct 09, 2017 at 01:05:30PM +0200, Andrey Konovalov wrote:
> On Wed, Oct 4, 2017 at 11:01 AM, Johan Hovold <johan@kernel.org> wrote:
> > A clean-up patch removing removing two redundant NULL-checks from the
> > console disconnect handler inadvertently also removed a third check.
> > This could lead to the struct usb_serial being prematurely freed by the
> > console code when a driver accepts but does not register any ports for
> > an interface which also lacks endpoint descriptors.
> >
> > Fixes: 0e517c93dc02 ("USB: serial: console: clean up sanity checks")
> > Cc: stable <stable@vger.kernel.org>     # 4.11
> > Reported-by: Andrey Konovalov <andreyknvl@google.com>
> 
> Tested-by: Andrey Konovalov <andreyknvl@google.com>
> 
> This fixes the crash.

I just forwarded this one in a pull-request to Greg, but thanks for
testing nonetheless.

Johan