mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/include
History
Charles Yi 364406d4c1 HID: fix HID device resource race between HID core and debugging support 
[ Upstream commit fc43e9c857 ]

hid_debug_events_release releases resources bound to the HID device instance.
hid_device_release releases the underlying HID device instance potentially
before hid_debug_events_release has completed releasing debug resources bound
to the same HID device instance.

Reference count to prevent the HID device instance from being torn down
preemptively when HID debugging support is used. When count reaches zero,
release core resources of HID device instance using hiddev_free.

The crash:

[  120.728477][ T4396] kernel BUG at lib/list_debug.c:53!
[  120.728505][ T4396] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[  120.739806][ T4396] Modules linked in: bcmdhd dhd_static_buf 8822cu pcie_mhi r8168
[  120.747386][ T4396] CPU: 1 PID: 4396 Comm: hidt_bridge Not tainted 5.10.110 #257
[  120.754771][ T4396] Hardware name: Rockchip RK3588 EVB4 LP4 V10 Board (DT)
[  120.761643][ T4396] pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
[  120.768338][ T4396] pc : __list_del_entry_valid+0x98/0xac
[  120.773730][ T4396] lr : __list_del_entry_valid+0x98/0xac
[  120.779120][ T4396] sp : ffffffc01e62bb60
[  120.783126][ T4396] x29: ffffffc01e62bb60 x28: ffffff818ce3a200
[  120.789126][ T4396] x27: 0000000000000009 x26: 0000000000980000
[  120.795126][ T4396] x25: ffffffc012431000 x24: ffffff802c6d4e00
[  120.801125][ T4396] x23: ffffff8005c66f00 x22: ffffffc01183b5b8
[  120.807125][ T4396] x21: ffffff819df2f100 x20: 0000000000000000
[  120.813124][ T4396] x19: ffffff802c3f0700 x18: ffffffc01d2cd058
[  120.819124][ T4396] x17: 0000000000000000 x16: 0000000000000000
[  120.825124][ T4396] x15: 0000000000000004 x14: 0000000000003fff
[  120.831123][ T4396] x13: ffffffc012085588 x12: 0000000000000003
[  120.837123][ T4396] x11: 00000000ffffbfff x10: 0000000000000003
[  120.843123][ T4396] x9 : 455103d46b329300 x8 : 455103d46b329300
[  120.849124][ T4396] x7 : 74707572726f6320 x6 : ffffffc0124b8cb5
[  120.855124][ T4396] x5 : ffffffffffffffff x4 : 0000000000000000
[  120.861123][ T4396] x3 : ffffffc011cf4f90 x2 : ffffff81fee7b948
[  120.867122][ T4396] x1 : ffffffc011cf4f90 x0 : 0000000000000054
[  120.873122][ T4396] Call trace:
[  120.876259][ T4396]  __list_del_entry_valid+0x98/0xac
[  120.881304][ T4396]  hid_debug_events_release+0x48/0x12c
[  120.886617][ T4396]  full_proxy_release+0x50/0xbc
[  120.891323][ T4396]  __fput+0xdc/0x238
[  120.895075][ T4396]  ____fput+0x14/0x24
[  120.898911][ T4396]  task_work_run+0x90/0x148
[  120.903268][ T4396]  do_exit+0x1bc/0x8a4
[  120.907193][ T4396]  do_group_exit+0x8c/0xa4
[  120.911458][ T4396]  get_signal+0x468/0x744
[  120.915643][ T4396]  do_signal+0x84/0x280
[  120.919650][ T4396]  do_notify_resume+0xd0/0x218
[  120.924262][ T4396]  work_pending+0xc/0x3f0

[ Rahul Rameshbabu <sergeantsagara@protonmail.com>: rework changelog ]
Fixes: cd667ce247 ("HID: use debugfs for events/reports dumping")
Signed-off-by: Charles Yi <be286@163.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-12-03 07:31:22 +01:00
..
acpi ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error 2023-07-23 13:47:18 +02:00
asm-generic word-at-a-time: use the same return type for has_zero regardless of endianness 2023-08-11 15:13:49 +02:00
clocksource
crypto crypto: api - Use work queue in crypto_destroy_instance 2023-09-19 12:22:33 +02:00
drm drm/mipi-dsi: Create devm device attachment 2023-11-20 11:08:19 +01:00
dt-bindings
keys KEYS: trusted: allow use of kernel RNG for key material 2023-10-19 23:05:33 +02:00
kunit
kvm
linux HID: fix HID device resource race between HID core and debugging support 2023-12-03 07:31:22 +01:00
math-emu
media media: v4l2-mem2mem: add lock to protect parameter num_rdy 2023-08-26 14:23:23 +02:00
memory
misc
net netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-28 16:56:24 +00:00
pcmcia
ras
rdma RDMA/cma: Always set static rate to 0 for RoCE 2023-06-21 15:59:17 +02:00
scsi scsi: core: Rename scsi_mq_done() into scsi_done() and export it 2023-10-19 23:05:32 +02:00
soc
sound ASoC: soc-card: Add storage for PCI SSID 2023-11-28 16:56:17 +00:00
target scsi: target: Fix multiple LUN_RESET handling 2023-05-11 23:00:26 +09:00
trace neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section 2023-10-25 11:58:57 +02:00
uapi can: isotp: add local echo tx processing and tx without FC 2023-11-08 17:26:49 +01:00
vdso
video
xen ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 2023-05-11 23:00:22 +09:00