6.5-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rahul Rameshbabu rrameshbabu@nvidia.com
[ Upstream commit 197d3143520fec9fde89aebabc9f0d7464f08e50 ]
Use hid_device for devm allocation of the input_dev name to avoid a use-after-free. input_unregister_device would trigger devres cleanup of all resources associated with the input_dev, free-ing the name. The name would subsequently be used in a uevent fired at the end of unregistering the input_dev.
Reported-by: Maxime Ripard mripard@kernel.org Closes: https://lore.kernel.org/linux-input/ZOZIZCND+L0P1wJc@penguin/T/#m443f3dce925... Fixes: 09308562d4af ("HID: nvidia-shield: Initial driver implementation with Thunderstrike support") Suggested-by: Maxime Ripard mripard@kernel.org Suggested-by: Dmitry Torokhov dmitry.torokhov@gmail.com Signed-off-by: Rahul Rameshbabu rrameshbabu@nvidia.com Reviewed-by: Maxime Ripard mripard@kernel.org Link: https://lore.kernel.org/r/20230824061308.222021-4-sergeantsagara@protonmail.... Signed-off-by: Benjamin Tissoires bentiss@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/hid/hid-nvidia-shield.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-nvidia-shield.c b/drivers/hid/hid-nvidia-shield.c index 4e183650c4478..9c44974135079 100644 --- a/drivers/hid/hid-nvidia-shield.c +++ b/drivers/hid/hid-nvidia-shield.c @@ -164,7 +164,7 @@ static struct input_dev *shield_allocate_input_dev(struct hid_device *hdev, idev->id.product = hdev->product; idev->id.version = hdev->version; idev->uniq = hdev->uniq; - idev->name = devm_kasprintf(&idev->dev, GFP_KERNEL, "%s %s", hdev->name, + idev->name = devm_kasprintf(&hdev->dev, GFP_KERNEL, "%s %s", hdev->name, name_suffix); if (!idev->name) goto err_name;