usb: gadget: f_hid: fix report descriptor allocation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The commit 89ff3dfac604 ("usb: gadget: f_hid: fix f_hidg lifetime vs
cdev") has introduced a bug that leads to hid device corruption after
the replug operation.
Reverse device managed memory allocation for the report descriptor
to fix the issue.

Tested:
This change was tested on the AMD EthanolX CRB server with the BMC
based on the OpenBMC distribution. The BMC provides KVM functionality
via the USB gadget device:
- before: KVM page refresh results in a broken USB device,
- after: KVM page refresh works without any issues.

Fixes: 89ff3dfac604 ("usb: gadget: f_hid: fix f_hidg lifetime vs cdev")
Cc: stable@vger.kernel.org
Signed-off-by: Konstantin Aladyshev <aladyshev22@gmail.com>
Link: https://lore.kernel.org/r/20231206080744.253-2-aladyshev22@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Konstantin Aladyshev and committed by

Greg Kroah-Hartman 2 years ago 61890dc2 24be0b3c

+4 -3

1 changed file

expand all

drivers

usb

gadget

function

f_hid.c

+4 -3

drivers/usb/gadget/function/f_hid.c

··· 92 92 { 93 93 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev); 94 94 95 + kfree(hidg->report_desc); 95 96 kfree(hidg->set_report_buf); 96 97 kfree(hidg); 97 98 } ··· 1288 1287 hidg->report_length = opts->report_length; 1289 1288 hidg->report_desc_length = opts->report_desc_length; 1290 1289 if (opts->report_desc) { 1291 - hidg->report_desc = devm_kmemdup(&hidg->dev, opts->report_desc, 1292 - opts->report_desc_length, 1293 - GFP_KERNEL); 1290 + hidg->report_desc = kmemdup(opts->report_desc, 1291 + opts->report_desc_length, 1292 + GFP_KERNEL); 1294 1293 if (!hidg->report_desc) { 1295 1294 ret = -ENOMEM; 1296 1295 goto err_put_device;