iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/hid
History
Karthik Alapati 1bea0bbf66 HID: hidraw: fix memory leak in hidraw_release() 
commit a5623a203cffe2d2b84d2f6c989d9017db1856af upstream.

Free the buffered reports before deleting the list entry.

BUG: memory leak
unreferenced object 0xffff88810e72f180 (size 32):
  comm "softirq", pid 0, jiffies 4294945143 (age 16.080s)
  hex dump (first 32 bytes):
    64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00  d..j............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff814ac6c3>] kmemdup+0x23/0x50 mm/util.c:128
    [<ffffffff8357c1d2>] kmemdup include/linux/fortify-string.h:440 [inline]
    [<ffffffff8357c1d2>] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521
    [<ffffffff8356ddad>] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992
    [<ffffffff8356e41e>] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065
    [<ffffffff835f0d3f>] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284
    [<ffffffff82d3c7f9>] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670
    [<ffffffff82d3cc26>] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747
    [<ffffffff82ef1e14>] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
    [<ffffffff812f50a8>] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474
    [<ffffffff812f5586>] expire_timers kernel/time/timer.c:1519 [inline]
    [<ffffffff812f5586>] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790
    [<ffffffff812f56e4>] __run_timers kernel/time/timer.c:1768 [inline]
    [<ffffffff812f56e4>] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803
    [<ffffffff848000e6>] __do_softirq+0xe6/0x2ea kernel/softirq.c:571
    [<ffffffff81246db0>] invoke_softirq kernel/softirq.c:445 [inline]
    [<ffffffff81246db0>] __irq_exit_rcu kernel/softirq.c:650 [inline]
    [<ffffffff81246db0>] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662
    [<ffffffff84574f02>] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106
    [<ffffffff84600c8b>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
    [<ffffffff8458a070>] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
    [<ffffffff8458a070>] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
    [<ffffffff8458a070>] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
    [<ffffffff8458a070>] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554

Link: https://syzkaller.appspot.com/bug?id=19a04b43c75ed1092021010419b5e560a8172c4f
Reported-by: syzbot+f59100a0428e6ded9443@syzkaller.appspotmail.com
Signed-off-by: Karthik Alapati <mail@karthek.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-09-05 10:23:57 +02:00
..
i2c-hid
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
2022-04-20 09:06:34 +02:00
intel-ish-hid
HID: intel-ish-hid: fixes incorrect error handling
2019-12-05 15:34:28 +01:00
usbhid
HID: introduce hid_is_using_ll_driver
2021-12-14 10:04:46 +01:00
hid-a4tech.c
HID: input: fix a4tech horizontal wheel custom usage
2019-09-06 10:19:33 +02:00
hid-alps.c
HID: alps: fix error return code in alps_input_configured()
2021-04-28 12:07:16 +02:00
hid-apple.c
HID: apple: Do not reset quirks when the Fn key is not found
2022-01-27 08:47:36 +01:00
hid-appleir.c
HID: hid-input: allow input_configured callback return errors
2015-11-05 09:51:50 -08:00
hid-asus.c
HID: asus: add support for VivoBook E200HA
2016-04-04 09:59:21 +02:00
hid-aureal.c
HID: fix some indenting issues
2015-10-21 13:15:53 +02:00
hid-axff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-belkin.c
hid-betopff.c
HID: betop: fix slab-out-of-bounds Write in betop_probe
2021-10-06 10:23:42 +02:00
hid-cherry.c
HID: fix a couple of off-by-ones
2014-08-21 10:43:28 -05:00
hid-chicony.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-cmedia.c
HID: Support for CMedia CM6533 HID audio jack controls
2016-03-02 10:31:36 +01:00
hid-core.c
HID: Add BUS_VIRTUAL to hid_connect logging
2021-06-30 08:49:10 -04:00
hid-corsair.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-cp2112.c
HID: cp2112: fix broken gpio_direction_input callback
2017-12-20 10:07:26 +01:00
hid-cypress.c
HID: cypress: Support Varmilo Keyboards' media hotkeys
2020-12-02 08:31:25 +01:00
hid-debug.c
HID: add mapping for KEY_ALL_APPLICATIONS
2022-03-08 19:00:59 +01:00
hid-dr.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-elecom.c
HID: fix some indenting issues
2015-10-21 13:15:53 +02:00
hid-elo.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-emsff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-ezkey.c
hid-gaff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-gembird.c
HID: gembird: add new driver to fix Gembird JPD-DualForce 2
2015-08-18 15:03:43 +02:00
hid-generic.c
hid-gfrm.c
HID: hid-gfrm: avoid warning for input_configured API change
2015-11-05 10:15:35 -08:00
hid-gt683r.c
HID: gt683r: add missing MODULE_DEVICE_TABLE
2021-06-30 08:49:11 -04:00
hid-gyration.c
hid-holtek-kbd.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-holtek-mouse.c
HID: holtek: fix mouse probing
2021-12-29 12:14:48 +01:00
hid-holtekff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-hyperv.c
HID: hyperv: match wait_for_completion_timeout return type
2015-01-26 14:25:41 +01:00
hid-icade.c
hid-ids.h
HID: plantronics: Workaround for double volume key presses
2021-05-22 10:40:26 +02:00
hid-input.c
HID: add mapping for KEY_ALL_APPLICATIONS
2022-03-08 19:00:59 +01:00
hid-kensington.c
hid-keytouch.c
hid-kye.c
HID: kye: Fix MousePen i608X v2 report descriptor
2016-09-19 14:32:22 +02:00
hid-lcpower.c
hid-led.c
HID: hid-led: fix maximum brightness for Dream Cheeky
2022-06-14 16:52:31 +02:00
hid-lenovo.c
HID: lenovo: Add checks to fix of_led_classdev_register
2019-02-12 19:44:59 +01:00
hid-lg2ff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-lg3ff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-lg4ff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-lg4ff.h
HID: hid-logitech: Add combined pedal support Logitech wheels
2016-09-26 15:39:54 +02:00
hid-lg.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-lg.h
HID: hid-lg4ff: Introduce a module parameter to disable automatic switch of compatibility mode
2015-02-18 21:14:54 +01:00
hid-lgff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-logitech-dj.c
HID: logitech-dj: check report length
2014-12-17 08:50:12 +01:00
hid-logitech-hidpp.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-magicmouse.c
HID: magicmouse: do not set up autorepeat
2020-07-22 09:10:51 +02:00
hid-microsoft.c
HID: multitouch: enable the Surface 3 Type Cover to report multitouch data
2017-04-12 12:41:16 +02:00
hid-monterey.c
HID: fix a couple of off-by-ones
2014-08-21 10:43:28 -05:00
hid-multitouch.c
HID: core: Sanitize event code and type when mapping input
2020-09-12 11:47:31 +02:00
hid-ntrig.c
HID: hid-ntrig: add error handling for sysfs_create_group
2018-10-03 17:01:47 -07:00
hid-ortek.c
hid-penmount.c
HID: penmount: report only one button for PenMount 6000 USB touchscreen controller
2016-03-10 17:17:26 +01:00
hid-petalynx.c
HID: fix a couple of off-by-ones
2014-08-21 10:43:28 -05:00
hid-picolcd_backlight.c
HID: picoLCD: Deletion of unnecessary checks before three function calls
2015-06-29 14:51:12 +02:00
hid-picolcd_cir.c
HID: picoLCD: Deletion of unnecessary checks before three function calls
2015-06-29 14:51:12 +02:00
hid-picolcd_core.c
HID: picolcd: be more verbose when reporting report size error
2014-08-27 23:27:10 +02:00
hid-picolcd_debugfs.c
hid-picolcd_fb.c
hid-picolcd_lcd.c
HID: picoLCD: Deletion of unnecessary checks before three function calls
2015-06-29 14:51:12 +02:00
hid-picolcd_leds.c
HID: use to_hid_device()
2015-12-28 13:41:44 +01:00
hid-picolcd.h
hid-pl.c
hid-plantronics.c
HID: plantronics: Workaround for double volume key presses
2021-05-22 10:40:26 +02:00
hid-primax.c
hid-prodikeys.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-rmi.c
HID: Fix hid_report_len usage
2018-04-24 09:34:11 +02:00
hid-roccat-arvo.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-arvo.h
hid-roccat-common.c
HID: use kobj_to_dev()
2015-12-28 13:41:51 +01:00
hid-roccat-common.h
hid-roccat-isku.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-isku.h
hid-roccat-kone.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-kone.h
hid-roccat-koneplus.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-koneplus.h
hid-roccat-konepure.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-kovaplus.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-kovaplus.h
hid-roccat-lua.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-lua.h
hid-roccat-pyra.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-pyra.h
hid-roccat-ryos.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-savu.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-roccat-savu.h
hid-roccat.c
HID: roccat: silence an uninitialized variable warning
2016-04-04 09:49:12 +02:00
hid-saitek.c
HID: hid-saitek: Add device ID for RAT 7 Contagion
2018-10-10 08:53:20 +02:00
hid-samsung.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-sensor-custom.c
HID: sensor: fix attributes in HID sensor interface
2016-11-05 16:56:09 +01:00
hid-sensor-hub.c
HID: hid-sensor-hub: Return error for hid_set_field() failure
2021-06-30 08:49:10 -04:00
hid-sjoy.c
HID: sjoy: support Super Joy Box 4
2015-05-07 10:47:53 +02:00
hid-sony.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-speedlink.c
hid-steelseries.c
HID: use to_hid_device()
2015-12-28 13:41:44 +01:00
hid-sunplus.c
HID: fix a couple of off-by-ones
2014-08-21 10:43:28 -05:00
hid-tivo.c
HID: tivo: enable all buttons on the TiVo Slide Pro remote
2015-03-15 10:04:27 -04:00
hid-tmff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-topseed.c
hid-twinhan.c
hid-uclogic.c
HID: check for valid USB device for many HID drivers
2021-12-14 10:04:47 +01:00
hid-waltop.c
HID: Remove broken links to tablet descriptions
2016-09-19 14:32:21 +02:00
hid-wiimote-core.c
hid-wiimote-debug.c
hid-wiimote-modules.c
HID: wiimote: Fix wiimote mp scale linearization
2016-03-18 17:31:38 +01:00
hid-wiimote.h
HID: use to_hid_device()
2015-12-28 13:41:44 +01:00
hid-xinmo.c
HID: xinmo: fix for out of range for THT 2P arcade controller.
2017-12-25 14:23:40 +01:00
hid-zpff.c
HID: Fix assumption that devices have inputs
2019-11-06 12:18:20 +01:00
hid-zydacron.c
hidraw.c
HID: hidraw: fix memory leak in hidraw_release()
2022-09-05 10:23:57 +02:00
Kconfig
HID: wacom: add USB_HID dependency
2022-02-16 12:43:55 +01:00
Makefile
HID: intel_ish-hid: ISH Transport layer
2016-08-17 11:13:07 +02:00
uhid.c
HID: uhid: Fix worker destroying device without any protection
2022-01-27 08:47:31 +01:00
wacom_sys.c
HID: wacom: fix problems when device is not a valid USB device
2021-12-14 10:04:47 +01:00
wacom_wac.c
HID: wacom: Avoid using stale array indicies to read contact count
2022-01-27 08:47:31 +01:00
wacom_wac.h
Merge branches 'for-4.8/upstream-fixes', 'for-4.9/alps', 'for-4.9/hid-input', 'for-4.9/intel-ish', 'for-4.9/kye-uclogic-waltop-fixes', 'for-4.9/logitech', 'for-4.9/sony', 'for-4.9/upstream' and 'for-4.9/wacom' into for-linus
2016-10-07 09:59:48 +02:00
wacom.h
HID: wacom: power_supply: provide the actual model_name
2016-08-05 13:39:23 +02:00