linux/drivers/usb/core
Oliver Neukum 516a1a07f0 USB: fix race leading to a write after kfree in usbfs
This fixes a race between async_completed() and proc_reapurbnonblock().

CPU A                   CPU B

spin_lock(&ps->lock);
list_move_tail(&as->asynclist, &ps->async_completed);
spin_unlock(&ps->lock);

                                if (!(as = async_getcompleted(ps)))
                                        return -EAGAIN;
                                return processcompl(as, (void __user * __user *)arg);

processcompl() calls free_async() which calls kfree(as)

as->status = urb->status;
if (as->signr) {
        sinfo.si_signo = as->signr;
        sinfo.si_errno = as->status;
        sinfo.si_code = SI_ASYNCIO;
        sinfo.si_addr = as->userurb;
        kill_pid_info_as_uid(as->signr, &sinfo, as->pid, as->uid,
                              as->euid, as->secid);
}
snoop(&urb->dev->dev, "urb complete\n");
snoop_urb(urb, as->userurb);

write after kfree

Signed-off-by: Oliver Neukum <oliver@neukum.org>
2009-07-12 15:16:40 -07:00
buffer.c USB: pass mem_flags to dma_alloc_coherent 2009-04-23 14:15:28 -07:00
config.c USB: Change names of SuperSpeed ep companion descriptor structs. 2009-06-15 21:44:50 -07:00
devices.c USB: add missing class descriptions used in usb/devices file 2009-07-12 15:16:39 -07:00
devio.c USB: fix race leading to a write after kfree in usbfs 2009-07-12 15:16:40 -07:00
driver.c USB: Avoid PM error messages during resume if a device was disconnected 2009-06-15 21:44:47 -07:00
endpoint.c usb: convert endpoint devices to bus-less childs of the usb interface 2009-06-15 21:44:45 -07:00
file.c Driver Core: usb: add nodename support for usb drivers. 2009-06-15 21:30:25 -07:00
generic.c USB: Enhance usage of pm_message_t 2009-01-07 10:00:03 -08:00
hcd-pci.c USB: new flag for resume-from-hibernation 2009-06-15 21:44:44 -07:00
hcd.c Remove multiple KERN_ prefixes from printk formats 2009-07-08 10:30:03 -07:00
hcd.h USB: fix the clear_tt_buffer interface 2009-07-12 15:16:38 -07:00
hub.c USB: fix the clear_tt_buffer interface 2009-07-12 15:16:38 -07:00
hub.h USB: fix the clear_tt_buffer interface 2009-07-12 15:16:38 -07:00
inode.c Push BKL down into ->remount_fs() 2009-06-11 21:36:11 -04:00
Kconfig Revert USB: usbfs: deprecate and hide option for !embedded 2009-07-12 15:16:39 -07:00
Makefile USB: add the usbfs devices file to debugfs 2009-06-15 21:44:43 -07:00
message.c USB: Push scatter gather lists down to host controller drivers. 2009-06-15 21:44:49 -07:00
notify.c USB : correct comments in usb/core/notify.c 2008-02-01 14:34:44 -08:00
otg_whitelist.h USB: fix codingstyle issues in drivers/usb/core/*.h 2008-02-01 14:35:07 -08:00
quirks.c USB: add quirk to avoid config and interface strings 2009-03-24 16:20:25 -07:00
sysfs.c USB: core/sysfs: fix sparse warnings 2009-06-15 21:44:41 -07:00
urb.c USB: Support for bandwidth allocation. 2009-06-15 21:44:49 -07:00
usb.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2009-06-16 13:06:10 -07:00
usb.h usb: convert endpoint devices to bus-less childs of the usb interface 2009-06-15 21:44:45 -07:00