From: Hillf Danton <hdan...@sina.com>

[ Upstream commit 6d4472d7bec39917b54e4e80245784ea5d60ce49 ]
Undo what we did for opening before releasing the memory slice. Reported-by: syzbot <syzbot+62a1e04fd3ec2abf0...@syzkaller.appspotmail.com> Cc: Andrey Konovalov <andreyk...@google.com> Signed-off-by: Hillf Danton <hdan...@sina.com> Signed-off-by: Jiri Kosina <jkos...@suse.cz> Signed-off-by: Sasha Levin <sas...@kernel.org> --- drivers/hid/usbhid/hiddev.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c index c07df82923802..4e11cc6fc34bc 100644 --- a/drivers/hid/usbhid/hiddev.c +++ b/drivers/hid/usbhid/hiddev.c @@ -308,6 +308,10 @@ static int hiddev_open(struct inode *inode, struct file *file) hid_hw_power(hid, PM_HINT_NORMAL); bail_unlock: mutex_unlock(&hiddev->existancelock); + + spin_lock_irq(&list->hiddev->list_lock); + list_del(&list->node); + spin_unlock_irq(&list->hiddev->list_lock); bail: file->private_data = NULL; vfree(list); -- 2.20.1
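Review bot: The added list_del(&list->node) sits under the bail_unlock label in hiddev_open(), so it runs for every path that jumps there. It is only safe if each of those paths has already linked list->node into the hiddev list, which the hunk's context does not show. Please confirm that no goto bail_unlock precedes the list insertion, or guard the removal. The new lines also reach the lock through list->hiddev, while the mutex_unlock() just above uses the local hiddev; taking hiddev->list_lock would be consistent and would not depend on list->hiddev being set on the error path. The commit message would be easier to review for backporting if it named what is being undone (the node still on the list when vfree(list) runs) and carried a Fixes: tag.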