Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp4883134ybv; Mon, 17 Feb 2020 07:45:15 -0800 (PST) X-Google-Smtp-Source: APXvYqxZUmIvOx1Z8+HtISnS2KlWa9kcyvTSsqo2shyAjEfFBL5r1Ps9Kr+mwCPIMZw82EzTqyLQ X-Received: by 2002:a9d:7386:: with SMTP id j6mr12267325otk.336.1581954314985; Mon, 17 Feb 2020 07:45:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581954314; cv=none; d=google.com; s=arc-20160816; b=r+9lhGJ2nn5kuaHc70bSwu4VwRUln9C0wyrADTPcP93zRqmw3+Uy9NCD0yq/rqihk0 iYS20bKUqp+pxBvrAvMZ7LFCqJ70zl81u7Q92rA7r6xfc2/nVsfzxL+Hs2aiCFiF/imJ xNM8f1NHtwjzDz1COZGpVO6QJJUDBYGUUOhhXEqm4A2vE7Wg+h3LQcW36ewL1WH0w7N8 Gf8xDYpfXE2Z/gkqxWU6EEbVzGRGW+gfznM4wbvPiT2zyc0TMBuEY/otAk+wCmkbWjv/ HFEKILFVNN5bJ8ePITwXRDjDQZtdFqqbi9Ue9efc398rUzNB4dunPZtm/uuy1/39GE0o 29vA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:mime-version:user-agent:date:message-id:subject :from:to:dkim-signature; bh=kwxIYXO9ZQLxZYLWCibVPzyp30EQ5TPRFr5H4jfiVTI=; b=HiFpbsUsd0BIxhJXbVq0uWZomIdkR3LjaHxPG3BN/m+k7micWHe4Uo4lkH2NDyB2gc hoV4isuVMO8kL0E218CRV1N53LKTbiyFYMtGOLxKWVFZgnS5z25Da7wwz0EdVmRlIaC0 X1gguHc1YzXO/8R6B9rhsaXWURHl3e9EGsyOwrxvetTjfHF1A2V1B+E/gIh3Kp4MJqKl du+IYn0cJ1udIbuE9O71fIDA1IEFwOGpVAPvOcS7sdYa75bwb49+zgfQjqE0CboDpt/N XLtioK1CwDKBEVJFn9DLQd7u1m7ELKrtcEysSQ73FUdib6ryt8TPoUScAzQA71E2ETpF 8tlw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hanno.de header.s=default1911 header.b=JLTbFHMr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h28si382719otg.63.2020.02.17.07.45.03; Mon, 17 Feb 2020 07:45:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@hanno.de header.s=default1911 header.b=JLTbFHMr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729052AbgBQPoy (ORCPT + 99 others); Mon, 17 Feb 2020 10:44:54 -0500 Received: from www149.your-server.de ([78.47.15.70]:59744 "EHLO www149.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726528AbgBQPox (ORCPT ); Mon, 17 Feb 2020 10:44:53 -0500 X-Greylist: delayed 1207 seconds by postgrey-1.27 at vger.kernel.org; Mon, 17 Feb 2020 10:44:53 EST DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=hanno.de; s=default1911; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date: Message-ID:Subject:From:To:Sender:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=kwxIYXO9ZQLxZYLWCibVPzyp30EQ5TPRFr5H4jfiVTI=; b=JLTbFHMrzb0U/YZo+Q2GX34SRM 8/DeFYvH+bgrA6GDjZ/ATzJ4wnXfrdOX6I2m6tOZxCJa7T+NPbUuO94BICoBeAHETxx65yfJYoj1S BiwmYZ7ieysCJvj+xcJMeuA9z/qHajM7rv4ZaTRgRxl0y9YU/StytnAGklintSrSUHkl+Pj/yYXnC mR/WYuIoOPOqUw/SKF2JPCawaTdoQso/OpT/OUK33SDznwQNilxi+EqzOatiYfTJ68ohBgN0j1FLi nMbkYK68SRiR55Vl/qmTtYL5ee7m4uPLRbLVIzqfK8FVC0gbKyL9H0z38ZccAhkxApE0k4fGLfUU3 N3J+0pGQ==; Received: from sslproxy06.your-server.de ([78.46.172.3]) by www149.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1j3iGH-0004g8-J2; Mon, 17 Feb 2020 16:24:41 +0100 Received: from [62.96.7.134] (helo=[10.1.0.41]) by sslproxy06.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1j3iGH-0002Cx-Fs; Mon, 17 Feb 2020 16:24:41 +0100 To: Jiri Kosina , Benjamin Tissoires , linux-input@vger.kernel.org, linux-kernel@vger.kernel.org From: Hanno Zulla Subject: [PATCH 0/3] HID: hid-bigbenff: fixing three crash bugs in a gamepad driver Message-ID: Date: Mon, 17 Feb 2020 16:24:41 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: abos@hanno.de X-Virus-Scanned: Clear (ClamAV 0.102.1/25726/Mon Feb 17 15:01:07 2020) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi there, the hid-bigbenff.c had three bugs causing possible kernel crashes. The first patch fixes a double free during device removal, which was caused by a wrong use of input_ff_create_memless(). The "driver-specific data to be passed into play_effect" parameter of input_ff_create_memless() would later be freed automatically when the ff device is removed. Since the driver also uses the managed resource API, it would automatically free the memory of this parameter twice, causing a general protection fault moments later. The second patch fixes the error path after hid_hw_start(), as a call to hid_hw_stop() is required in case of an error. The second patch also removes the hid_hw_close() call during device removal, as several other hid device drivers don't call this routine, either. The third patch adds a flag to avoid a race condition when there is still scheduled work left (or newly being scheduled) during or after device removal, which could cause a kernel crash. Thanks in advance for your review & kind regards, Hanno