Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp510677pxb; Thu, 12 Nov 2020 09:07:45 -0800 (PST) X-Google-Smtp-Source: ABdhPJy0rS/yipxWN0nAmu9dXzywDG19Tt1QKKVCP2uPifsJ5kxLpdA6fMxy1wwkXDGRvzm8ztM8 X-Received: by 2002:a19:443:: with SMTP id 64mr136662lfe.108.1605200865428; Thu, 12 Nov 2020 09:07:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605200865; cv=none; d=google.com; s=arc-20160816; b=Ohxw9/PdDmx5VgCHJbs3LSdLxPCHgY4m3LxRHLZkMDdDzOM/XbLiQXFLkMwiAOTN4/ lOoN4OWrLToEWoxwwuCdeK/MNj1YtIyUTlEH/JKKZsPFZLqH9gb52Fd3ln3IVlVg71av ywcCDR3uPOP/zy3/q0xbZmZKrkR9BaZSKdOsq54ltkcGd/S/5543AM+1a41Qbiqx1HXU dhENQD+aFadayRJzqvNsYNKOPYly/+ttyUcvRwUUwwygQGsoSHOBZa4kRMxPUuhwGFK5 cLSNxbRY3RLV7+1LoFJulODESl3DFjxW65J+/75N+cYuWf+otLOUuMAHeWn4UWl8mtmZ JpNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=r78LS3WQ6/ABwq1QiOBSocijFE8QAB7vay8OEZ64NO0=; b=nQDM+M4FwtCKT2i7XOA0UAuMM0aRCo1ViXeUOxNtGuIPptLOIs20jJBJI2x/qcUZr4 7jvySpKUnLTvkmoBZbTMRqtESJXROO9agxFbBhttoVO1r9PcGWluxhnj2zXRUYHDfjkM Ag6Fo9Ape4y4tdJEiKfHeU54Xt76r/a5E5YcbiYaagutx/oDCp/klWCRMnz/eoGIm/Ez L9prnu/te5+rqY8Zmexpf7wO71kVXjsHnHqvSfEwBQEHGuaJcVwEiEovnMxUNo7iYlA5 NOby6Gdq88pjE1oT7xTlg4LazH50OS80E2xfXv2mmdDIXzyRZmj9xNuo/NhkVAN6StuT Ohvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BHYu2GVH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l1si4476725edv.3.2020.11.12.09.07.19; Thu, 12 Nov 2020 09:07:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BHYu2GVH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726091AbgKLRE5 (ORCPT + 99 others); Thu, 12 Nov 2020 12:04:57 -0500 Received: from mail.kernel.org ([198.145.29.99]:44456 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725903AbgKLRE4 (ORCPT ); Thu, 12 Nov 2020 12:04:56 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7C58621D7F; Thu, 12 Nov 2020 17:04:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1605200696; bh=qEGu5uST4byz8XuJRMjnqZZkRabdlL6gGWmFkpschCo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=BHYu2GVHYY7GTOmz8a4uXpdurzwymiO5oR5TaJepK0yXP8/vAgy/bZnVJSJMKOndk rjlSioJxLgU6QdTh9CkDQqtecBYOJRLhVdj2NXpDoA33ovt17OdZeF9+SJXWOj7mX9 07jQPCTDECz06JDYesZpuDDdi/vLAakx5/Mbbpxo= Date: Thu, 12 Nov 2020 18:05:53 +0100 From: Greg Kroah-Hartman To: John Boero Cc: Felipe Balbi , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] usb: core: Null deref in kernel with USB webcams. Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 12, 2020 at 03:52:02PM +0000, John Boero wrote: > >From 54f9886454e9a28e8d943c1cef15df9c11555df7 Mon Sep 17 00:00:00 2001 > From: JohnnyB Why all this header here? And the from: line doesn't match your Signed-off-by: line :( > Date: Thu, 12 Nov 2020 15:28:29 +0000 > Subject: [PATCH] usb: core: Null deref in kernel with USB webcams. > > Fixes: Ubuntu Launchpad bug 1827452 > > This is my first attempt at a kernel contribution so sorry if sloppy. No need to put this in the changelog text and have it be in the kernel for foever :) > > There is some kind of race condition affecting Logitech > webcams that crash USB with a null dereference. > Affects raspberry pi devices as well as x86. > No check on dev before dereference. > Simple fix for issue experienced for months in > both x86 and arm/rpi environments. > > Signed-off-by: John Boero > > --- > drivers/usb/core/usb.c | 6 +----- > 1 file changed, 1 insertion(+), 5 deletions(-) > > diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c > index d8756ffe513a..9b4ac4415f1a 100644 > --- a/drivers/usb/core/usb.c > +++ b/drivers/usb/core/usb.c > @@ -272,13 +272,9 @@ EXPORT_SYMBOL_GPL(usb_find_alt_setting); > struct usb_interface *usb_ifnum_to_if(const struct usb_device *dev, > unsigned ifnum) > { > - struct usb_host_config *config = NULL; > + struct usb_host_config *config = dev->actconfig; > int i; > > - if (!dev) > - return NULL; > - > - config = dev->actconfig; > if (!config) > return NULL; > for (i = 0; i < config->desc.bNumInterfaces; i++) This patch is corrupted and can not be applied, but also, it looks backwards, right? And how about we find the race condition and fix that instead of trying to paper over it here? thanks, greg k-h