xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
516a1a07f0219d6672fb6b8e49fb9d5d533c2e89
android_kernel_xiaomi_sm8450/drivers/usb/core
History
Oliver Neukum 516a1a07f0 USB: fix race leading to a write after kfree in usbfs 
this fixes a race between async_completed() and proc_reapurbnonblock().

CPU A                   CPU B

spin_lock(&ps->lock);
list_move_tail(&as->asynclist, &ps->async_completed);
spin_unlock(&ps->lock);

                                if (!(as = async_getcompleted(ps)))
                                        return -EAGAIN;
                                return processcompl(as, (void __user * __user *)arg);

processcompl() calls free_async() which calls kfree(as)

as->status = urb->status;
if (as->signr) {
        sinfo.si_signo = as->signr;
        sinfo.si_errno = as->status;
        sinfo.si_code = SI_ASYNCIO;
        sinfo.si_addr = as->userurb;
        kill_pid_info_as_uid(as->signr, &sinfo, as->pid, as->uid,
                              as->euid, as->secid);
}
snoop(&urb->dev->dev, "urb complete\n");
snoop_urb(urb, as->userurb);

write after kfree

Signed-off-by: Oliver Neukum <oliver@neukum.org>
2009-07-12 15:16:40 -07:00
..
buffer.c
USB: pass mem_flags to dma_alloc_coherent
2009-04-23 14:15:28 -07:00
config.c
USB: Change names of SuperSpeed ep companion descriptor structs.
2009-06-15 21:44:50 -07:00
devices.c
USB: add missing class descriptions used in usb/devices file
2009-07-12 15:16:39 -07:00
devio.c
USB: fix race leading to a write after kfree in usbfs
2009-07-12 15:16:40 -07:00
driver.c
USB: Avoid PM error messages during resume if a device was disconnected
2009-06-15 21:44:47 -07:00
endpoint.c
usb: convert endpoint devices to bus-less childs of the usb interface
2009-06-15 21:44:45 -07:00
file.c
Driver Core: usb: add nodename support for usb drivers.
2009-06-15 21:30:25 -07:00
generic.c
USB: Enhance usage of pm_message_t
2009-01-07 10:00:03 -08:00
hcd-pci.c
USB: new flag for resume-from-hibernation
2009-06-15 21:44:44 -07:00
hcd.c
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
hcd.h
USB: fix the clear_tt_buffer interface
2009-07-12 15:16:38 -07:00
hub.c
USB: fix the clear_tt_buffer interface
2009-07-12 15:16:38 -07:00
hub.h
USB: fix the clear_tt_buffer interface
2009-07-12 15:16:38 -07:00
inode.c
Push BKL down into ->remount_fs()
2009-06-11 21:36:11 -04:00
Kconfig
Revert USB: usbfs: deprecate and hide option for !embedded
2009-07-12 15:16:39 -07:00
Makefile
USB: add the usbfs devices file to debugfs
2009-06-15 21:44:43 -07:00
message.c
USB: Push scatter gather lists down to host controller drivers.
2009-06-15 21:44:49 -07:00
notify.c
USB : correct comments in usb/core/notify.c
2008-02-01 14:34:44 -08:00
otg_whitelist.h
USB: fix codingstyle issues in drivers/usb/core/*.h
2008-02-01 14:35:07 -08:00
quirks.c
USB: add quirk to avoid config and interface strings
2009-03-24 16:20:25 -07:00
sysfs.c
USB: core/sysfs: fix sparse warnings
2009-06-15 21:44:41 -07:00
urb.c
USB: Support for bandwidth allocation.
2009-06-15 21:44:49 -07:00
usb.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6
2009-06-16 13:06:10 -07:00
usb.h
usb: convert endpoint devices to bus-less childs of the usb interface
2009-06-15 21:44:45 -07:00