HID: steam: fixes race in handling device list.

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Using uhid and KASAN this driver crashed because it was getting
several connection events where it only expected one. Then the
device was added several times to the static device list and it got
corrupted.

This patch checks if the device is already in the list before adding
it.

Signed-off-by: Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
Tested-by: Siarhei Vishniakou <svv@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

authored by

Rodrigo Rivas Costa and committed by

Jiri Kosina 5 years ago 2d3f53a8 6363d206

+4 -2

1 changed file

expand all

drivers

hid

hid-steam.c

+4 -2

drivers/hid/hid-steam.c

··· 526 526 steam_battery_register(steam); 527 527 528 528 mutex_lock(&steam_devices_lock); 529 - list_add(&steam->list, &steam_devices); 529 + if (list_empty(&steam->list)) 530 + list_add(&steam->list, &steam_devices); 530 531 mutex_unlock(&steam_devices_lock); 531 532 } 532 533 ··· 553 552 hid_info(steam->hdev, "Steam Controller '%s' disconnected", 554 553 steam->serial_no); 555 554 mutex_lock(&steam_devices_lock); 556 - list_del(&steam->list); 555 + list_del_init(&steam->list); 557 556 mutex_unlock(&steam_devices_lock); 558 557 steam->serial_no[0] = 0; 559 558 } ··· 739 738 mutex_init(&steam->mutex); 740 739 steam->quirks = id->driver_data; 741 740 INIT_WORK(&steam->work_connect, steam_work_connect_cb); 741 + INIT_LIST_HEAD(&steam->list); 742 742 743 743 steam->client_hdev = steam_create_client_hid(hdev); 744 744 if (IS_ERR(steam->client_hdev)) {