Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp5913418ybf; Thu, 5 Mar 2020 09:21:41 -0800 (PST) X-Google-Smtp-Source: ADFU+vsdMKvvoykpQg0yko0YjsVJtkhPKSu1aVCdI/mYqw+kkrAj5/uj0ajSPGtDieMnfy9tFINN X-Received: by 2002:aca:4183:: with SMTP id o125mr58960oia.125.1583428901692; Thu, 05 Mar 2020 09:21:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583428901; cv=none; d=google.com; s=arc-20160816; b=Koi3yhSzZj5AUgd/x6kBkwpfl9xX/Gf5FsFLkJzCKXm2IMRGFASAmOto56eX3CWdaG Zff0GdkTHLjpmrzeEiisvZQi/I4Vd/5XdElRhz66v8Q22fYpYMsOxaCEETEqfUnq50oS 0fk0jm8mGBjeeRFsGrRnEfylGhLkYm/vvRPHvvEcVN4WDyETqv8/FvGyxO40SU/+wUSt cAfXcNLISGr4qZCRnb6SReWEhTnx6uJu3r8IwEKsoWu/Km91n9I+Be+sQ7g6/AAaUgIv x7XBbbgv1rBc7kZXtkaxFoiOonRFyM/Eg+z4ruad4iIKjV6tu7cgf3X3D408GlBkJcOn nYDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=vwm2uFqNdpgKgoQ2Li/5P8nhT/gWb2yQChbV1M23BrI=; b=XEnXReaDd5pG3SQ3SfJySJGJrwHOhfrgZ86XcgFk4SwmmnUdcr566amp7ZAi5Dpuwx oMwCJtB6HBVfWUk7sP2xtENApf+DyddcogGsdKZyNeTVSkqfNWHR7j/jjVScXQm3SbmD k+3YowLcK25FGLzLRnhqdxCqoTibbNEkX1tVSsZqh7oEkIDQBf2ouQUKWySmoFOco7Zk McGb0GuuZ8VCik4eowyqqV8bqpbjczcvMEzzAGEJvtITTch5tvKkabpE6I/ALUkJoWVQ e+bDnkP9HwSEYPQh3WrqPT5ZTrQTq04xcM+IJsouss4FcaN0Ex5sQsYvxxV9TLFcqmKg OedA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=W7SxEQF1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s128si3667358oig.204.2020.03.05.09.21.29; Thu, 05 Mar 2020 09:21:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=W7SxEQF1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727897AbgCERVO (ORCPT + 99 others); Thu, 5 Mar 2020 12:21:14 -0500 Received: from mail.kernel.org ([198.145.29.99]:40930 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727733AbgCEROi (ORCPT ); Thu, 5 Mar 2020 12:14:38 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6EEFF217F4; Thu, 5 Mar 2020 17:14:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1583428478; bh=F1D0R/proQlgrCAIHqb84XFSvyT3s+JQd9HSM/5D7iQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W7SxEQF1mVAhLZYqDoXn5ssVdZaLqQNO9LM1HWM+YVe67nKu/2YGWXXOIXpMf1eqe VifwgCXt7JBPzkrEjfiNNNBxgLPh5RZRy1sjHI07KmnpOOpSWZlJnZ14/RO1vGUl8Z dDV+5CQT4z5oO8w5LWOt8lBXCGkbATereQfrNQ7k= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Hanno Zulla , Benjamin Tissoires , Sasha Levin , linux-input@vger.kernel.org Subject: [PATCH AUTOSEL 5.4 14/58] HID: hid-bigbenff: fix general protection fault caused by double kfree Date: Thu, 5 Mar 2020 12:13:35 -0500 Message-Id: <20200305171420.29595-14-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200305171420.29595-1-sashal@kernel.org> References: <20200305171420.29595-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hanno Zulla [ Upstream commit 789a2c250340666220fa74bc6c8f58497e3863b3 ] The struct *bigben was allocated via devm_kzalloc() and then used as a parameter in input_ff_create_memless(). This caused a double kfree during removal of the device, since both the managed resource API and ml_ff_destroy() in drivers/input/ff-memless.c would call kfree() on it. Signed-off-by: Hanno Zulla Signed-off-by: Benjamin Tissoires Signed-off-by: Sasha Levin --- drivers/hid/hid-bigbenff.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c index 3f6abd190df43..f7e85bacb6889 100644 --- a/drivers/hid/hid-bigbenff.c +++ b/drivers/hid/hid-bigbenff.c @@ -220,10 +220,16 @@ static void bigben_worker(struct work_struct *work) static int hid_bigben_play_effect(struct input_dev *dev, void *data, struct ff_effect *effect) { - struct bigben_device *bigben = data; + struct hid_device *hid = input_get_drvdata(dev); + struct bigben_device *bigben = hid_get_drvdata(hid); u8 right_motor_on; u8 left_motor_force; + if (!bigben) { + hid_err(hid, "no device data\n"); + return 0; + } + if (effect->type != FF_RUMBLE) return 0; @@ -341,7 +347,7 @@ static int bigben_probe(struct hid_device *hid, INIT_WORK(&bigben->worker, bigben_worker); - error = input_ff_create_memless(hidinput->input, bigben, + error = input_ff_create_memless(hidinput->input, NULL, hid_bigben_play_effect); if (error) return error; -- 2.20.1