Re: [syzbot] [usb?] KASAN: slab-use-after-free Read in hdm_disconnect

From: Edward Adam Davis
Date: Tue Jul 30 2024 - 02:04:24 EST

Next message: Tzung-Bi Shih: "Re: [PATCH] platform/chrome: cros_ec_proto: Lock device when updating MKBP version"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v5 2/5] dt-bindings: net: wireless: brcm4329-fmac: add clock description for AP6275P"
In reply to: syzbot: "Re: [syzbot] [usb?] KASAN: slab-use-after-free Read in hdm_disconnect"
Next in thread: syzbot: "Re: [syzbot] [usb?] KASAN: slab-use-after-free Read in hdm_disconnect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

move the relase dev to the end

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 933069701c1b

diff --git a/drivers/most/most_usb.c b/drivers/most/most_usb.c
index 485d5ca39951..3f3abb6efb3e 100644
--- a/drivers/most/most_usb.c
+++ b/drivers/most/most_usb.c
@@ -1118,15 +1118,13 @@ static void hdm_disconnect(struct usb_interface *interface)
del_timer_sync(&mdev->link_stat_timer);
cancel_work_sync(&mdev->poll_work_obj);

- if (mdev->dci)
- device_unregister(&mdev->dci->dev);
- most_deregister_interface(&mdev->iface);
-
kfree(mdev->busy_urbs);
kfree(mdev->cap);
kfree(mdev->conf);
kfree(mdev->ep_address);
- put_device(&mdev->dci->dev);
+ if (mdev->dci)
+ device_unregister(&mdev->dci->dev);
+ most_deregister_interface(&mdev->iface);
put_device(&mdev->dev);
}

Next message: Tzung-Bi Shih: "Re: [PATCH] platform/chrome: cros_ec_proto: Lock device when updating MKBP version"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v5 2/5] dt-bindings: net: wireless: brcm4329-fmac: add clock description for AP6275P"
In reply to: syzbot: "Re: [syzbot] [usb?] KASAN: slab-use-after-free Read in hdm_disconnect"
Next in thread: syzbot: "Re: [syzbot] [usb?] KASAN: slab-use-after-free Read in hdm_disconnect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]