dan.carpenter@oracle.com 208119d552 HID: hiddev: Fix race in in hiddev_disconnect() ... commit 5c02c447eaeda29d3da121a2e17b97ccaf579b51 upstream. Syzbot reports that "hiddev" is used after it's free in hiddev_disconnect(). The hiddev_disconnect() function sets "hiddev->exist = 0;" so hiddev_release() can free it as soon as we drop the "existancelock" lock. This patch moves the mutex_unlock(&hiddev->existancelock) until after we have finished using it. Reported-by: syzbot+784ccb935f9900cc7c9e@syzkaller.appspotmail.com Fixes: 7f77897ef2b6 ("HID: hiddev: fix potential use-after-free") Suggested-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-04-07 14:04:49 +02:00
..
accessibility
acpi	ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1	2020-04-07 13:56:22 +02:00
amba
android
ata	ahci: Do not export local variable ahci_em_messages	2020-04-07 13:43:01 +02:00
atm	atm: eni: fix uninitialized variable warning	2020-04-07 13:45:54 +02:00
auxdisplay
base	driver core: Print device when resources present in really_probe()	2020-04-07 13:56:48 +02:00
battery
battery_v2
bcma	bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA	2020-04-07 13:43:09 +02:00
block	floppy: check FDC index for errors before assigning it	2020-04-07 14:01:14 +02:00
bluetooth
bts
bus
ccic
cdrom
char	ipmi:ssif: Handle a possible NULL pointer reference	2020-04-07 14:04:14 +02:00
clk	clk: qcom: rcg2: Don't crash if our parent can't be found; return an error	2020-04-07 13:56:02 +02:00
clocksource	clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable	2020-04-07 13:40:44 +02:00
connector
cpufreq
cpuidle
crypto	crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill	2020-04-07 13:50:08 +02:00
dca
devfreq
dio
dma	dmaengine: ti: edma: fix missed failure handling	2020-04-07 13:43:56 +02:00
dma-buf
edac
eisa
extcon
fingerprint
firewire
firmware
five
fmc
fpga
gator
gpio
gps
gpu	radeon: insert 10ms sleep in dce5_crtc_load_lut	2020-04-07 13:57:17 +02:00
gud
hid	HID: hiddev: Fix race in in hiddev_disconnect()	2020-04-07 14:04:49 +02:00
hsi
hv
hwmon	hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.	2020-04-07 13:55:21 +02:00
hwspinlock
hwtracing
i2c
ide	ide: serverworks: potential overflow in svwks_set_pio_mode()	2020-04-07 13:56:59 +02:00
idle
iio	iio: buffer: align the size of scan bytes to size of the largest element	2020-04-07 13:45:04 +02:00
infiniband	scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"	2020-04-07 14:03:52 +02:00
input	Input: edt-ft5x06 - work around first register access error	2020-04-07 13:56:40 +02:00
iommu	iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE	2020-04-07 13:56:53 +02:00
ipack
irqchip	irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL	2020-04-07 13:57:27 +02:00
isdn
leds
lguest
lightnvm
macintosh
mailbox
mcb
md	bcache: explicity type cast in bset_bkey_last()	2020-04-07 13:57:25 +02:00
media	media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()	2020-04-07 13:55:42 +02:00
memory
memstick
message
mfd	mfd: rn5t618: Mark ADC control register volatile	2020-04-07 13:51:00 +02:00
misc	mic: avoid statically declaring a 'struct device'.	2020-04-07 13:42:37 +02:00
mmc	mmc: spi: Toggle SPI polarity, do not hardcode it	2020-04-07 13:49:49 +02:00
motor
mtd
muic
net	net: phy: restore mdio regs in the iproc mdio driver	2020-04-07 14:04:30 +02:00
nfc	nfc: pn544: Fix occasional HW initialization failure	2020-04-07 14:04:37 +02:00
ntb
nubus
nvdimm
nvme
nvmem
of	of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc	2020-04-07 13:50:01 +02:00
oprofile
parisc
parport
pci	PCI: Don't disable bridge BARs when assigning bus resources	2020-04-07 13:56:46 +02:00
pcmcia
perf
phy
pinctrl	pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs	2020-04-07 13:56:29 +02:00
platform	MIPS: Loongson: Fix return value of loongson_hwmon_init	2020-04-07 13:43:51 +02:00
pnp
power	power: supply: ltc2941-battery-gauge: fix use-after-free	2020-04-07 13:49:57 +02:00
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator	regulator: rk808: Lower log level on optional GPIOs being not available	2020-04-07 13:56:05 +02:00
remoteproc	remoteproc: Initialize rproc_class before use	2020-04-07 13:57:01 +02:00
reset
rpmsg
rtc	rtc: hym8563: Return -EINVAL if the time is known to be invalid	2020-04-07 13:54:35 +02:00
s390
sbus
scsi	scsi: iscsi: Don't destroy session if there are outstanding connections	2020-04-07 13:56:55 +02:00
security/samsung/icdrv
sensorhub
sensors
sfi
sh
sn
soc	soc/tegra: fuse: Correct straps' address for older Tegra124 device trees	2020-04-07 13:56:37 +02:00
spi	spi: spi-fsl-spi: call spi_finalize_current_message() at the end	2020-04-07 13:42:01 +02:00
spmi
ssb
staging	staging: rtl8188eu: Fix potential overuse of kernel memory	2020-04-07 14:03:24 +02:00
switch
target	scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"	2020-04-07 14:03:54 +02:00
tc
tee
thermal	thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power	2020-04-07 13:41:59 +02:00
thunderbolt
trace
tty	sysrq: Remove duplicated sysrq message	2020-04-07 14:04:26 +02:00
uh
uio	uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()	2020-04-07 13:55:48 +02:00
usb	xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms	2020-04-07 14:03:32 +02:00
uwb
vfio	vfio_pci: Enable memory accesses before calling pci_map_rom	2020-04-07 13:40:33 +02:00
vhost
video	backlight: lm3630a: Return 0 on success in update_status functions	2020-04-07 13:41:58 +02:00
virt
virtio
vision
vlynq
vme
w1
watchdog	watchdog: rn5t618_wdt: fix module aliases	2020-04-07 13:45:48 +02:00
xen	xen: Enable interrupts when calling _cond_resched()	2020-04-07 14:04:03 +02:00
zorro
Kconfig
Makefile