[PATCH] hidinput: kernel oops in out_cleanup in function hidinput_connect

From: Benjamin Tissoires
Date: Tue Feb 15 2011 - 09:41:15 EST

Next message: Avi Kivity: "Re: [PATCH v3 4/6] KVM-GST: KVM Steal time registration"
Previous message: Ian Kent: "Re: [PATCH 0/3] Fixes for vfs-scale and vfs-automount"
Next in thread: Dmitry Torokhov: "Re: [PATCH] hidinput: kernel oops in out_cleanup in functionhidinput_connect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Goto out_cleanup infers a kernel oops: hidinput_disconnect calls
input_unregister_driver to all members of hid->inputs.
However, hidinput already has been added to hid->inputs even
though input_register_device was not called.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxx>
---
Hi,

while playing with hidinput_connect, I found this bug.

Cheers,
Benjamin

drivers/hid/hid-input.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 7f552bf..f53911d 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -928,6 +928,7 @@ int hidinput_connect(struct hid_device *hid, unsigned int force)
return 0;

out_cleanup:
+ list_del(&hidinput->list);
input_free_device(hidinput->input);
kfree(hidinput);
out_unwind:
--
1.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Avi Kivity: "Re: [PATCH v3 4/6] KVM-GST: KVM Steal time registration"
Previous message: Ian Kent: "Re: [PATCH 0/3] Fixes for vfs-scale and vfs-automount"
Next in thread: Dmitry Torokhov: "Re: [PATCH] hidinput: kernel oops in out_cleanup in functionhidinput_connect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]