lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Tue, 14 Nov 2006 10:02:17 +0100
From:	Mariusz Kozlowski <m.kozlowski@...land.pl>
To:	Luca Risolia <luca.risolia@...dio.unibo.it>,
	Andrew Morton <akpm@...l.org>
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 10/33] usb: sn9c102_core free urb cleanup

Hello Luca,

> >- usb_free_urb() cleanup
> >
> >Signed-off-by: Mariusz Kozlowski <m.kozlowski@...land.pl>
> >
> >--- linux-2.6.19-rc4-orig/drivers/media/video/sn9c102/sn9c102_core.c   
> > 2006-11-06 17:07:45.000000000 +0100 +++
> > linux-2.6.19-rc4/drivers/media/video/sn9c102/sn9c102_core.c 2006-11-06
> > 19:57:35.000000000 +0100 @@ -775,7 +775,7 @@ static int
> > sn9c102_start_transfer(struct
> >        return 0;
> >
> > free_urbs:
> >-       for (i = 0; (i < SN9C102_URBS) &&  cam->urb[i]; i++)
> >+       for (i = 0; i < SN9C102_URBS; i++)
> >                usb_free_urb(cam->urb[i]);
> >
> > free_buffers:
>
> This patch might cause usb_free_urb() to fail if not all the URBs have been
> allocated successfully: in this case, the original loop stops as soon as
> cam->urb[i] == NULL (where NULL is given from the failed allocation),
> while in the second loop there might be a not null cam->urb[i+n]
> pointing to an URB that has already been deallocated elsewhere.
>
> The same bug is present in PATCH 12/33.

Err ... you are right :/ In most drivers urb pointers get zeroed right after 
deallocation. Here they don't. So my patches might cause what you described.

Andrew can you please drop these two patches? 

usb-zc0301_core-free-urb-cleanup.patch
usb-sn9c102_core-free-urb-cleanup.patch

Thanks.

-- 
Regards,

	Mariusz Kozlowski
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists