CVE-2024-56545

In the Linux kernel, the following vulnerability has been resolved:

HID: hyperv: streamline driver probe to avoid devres issues

It was found that unloading 'hid_hyperv' module results in a devres complaint:

... hvvmbus: unregistering driver hidhyperv ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devresreleasegroup+0x1f2/0x2c0 ... Call Trace: <TASK> ? devresreleasegroup+0x1f2/0x2c0 ? __warn+0xd1/0x1c0 ? devresreleasegroup+0x1f2/0x2c0 ? report_bug+0x32a/0x3c0 ? handlebug+0x53/0xa0 ? excinvalidop+0x18/0x50 ? asmexcinvalidop+0x1a/0x20 ? devresreleasegroup+0x1f2/0x2c0 ? devresreleasegroup+0x90/0x2c0 ? rcuiswatching+0x15/0xb0 ? __pfxdevresreleasegroup+0x10/0x10 hiddeviceremove+0xf5/0x220 devicereleasedriverinternal+0x371/0x540 ? klistput+0xf3/0x170 busremovedevice+0x1f1/0x3f0 devicedel+0x33f/0x8c0 ? __pfxdevicedel+0x10/0x10 ? cleanupsrcustruct+0x337/0x500 hiddestroydevice+0xc8/0x130 mousevscremove+0xd2/0x1d0 [hidhyperv] devicereleasedriverinternal+0x371/0x540 driverdetach+0xc5/0x180 busremovedriver+0x11e/0x2a0 ? _mutexunlockslowpath+0x160/0x5e0 vmbusdriverunregister+0x62/0x2b0 [hvvmbus] ...

And the issue seems to be that the corresponding devres group is not allocated. Normally, devresopengroup() is called from __hiddeviceprobe() but Hyper-V HID driver overrides 'hid_dev->driver' with 'mousevschiddriver' stub and basically re-implements __hiddeviceprobe() by calling hid_parse() and hidhwstart() but not devresopengroup(). hiddeviceprobe() does not call __hiddeviceprobe() for it. Later, when the driver is removed, hiddeviceremove() calls devresreleasegroup() as it doesn't check whether hdev->driver was initially overridden or not.

The issue seems to be related to the commit 62c68e7cee33 ("HID: ensure timely release of driver-allocated resources") but the commit itself seems to be correct.

Fix the issue by dropping the 'hiddev->driver' override and using hidregisterdriver()/hidunregisterdriver() instead. Alternatively, it would have been possible to rely on the default handling but HIDCONNECTDEFAULT implies HIDCONNECT_HIDRAW and it doesn't seem to work for mousevsc as-is.