Re: [PATCH v2] HID: mcp-2221: prevent UAF in delayed work
From: Benjamin Tissoires
Date: Mon Feb 20 2023 - 04:32:14 EST
On Mon, Feb 20, 2023 at 10:10 AM Jiri Kosina <jikos@xxxxxxxxxx> wrote:
>
> On Thu, 16 Feb 2023, Benjamin Tissoires wrote:
>
> > If the device is plugged/unplugged without giving time for mcp_init_work()
> > to complete, we might kick in the devm free code path and thus have
> > unavailable struct mcp_2221 while in delayed work.
> >
> > Canceling the delayed_work item is enough to solve the issue, because
> > cancel_delayed_work_sync will prevent the work item to requeue itself.
> >
> > Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>
>
> Acked-by: Jiri Kosina <jkosina@xxxxxxx>
Thanks a lot.
I realized I was missing the Fixes 960f9df7c620 and Cc: stable tags.
I am adding those right now and will push it as soon as the minimum CI
reports back that it's OK.
Cheers,
Benjamin
>
> Thanks Benjamin.
>
> --
> Jiri Kosina
> SUSE Labs
>