Message-ID: <f382765c6d30972ab84224a1b3982f62@codeaurora.org>
Date: Wed, 20 Mar 2019 09:01:05 +0530
From: mgautam@...eaurora.org
To: fei.yang@...el.com
Cc: balbi@...nel.org, gregkh@...uxfoundation.org,
zhangjerry@...gle.com, andrzej.p@...labora.com,
plr.vincent@...il.com, jingx.shen@...el.com,
john.stultz@...aro.org, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-usb-owner@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: f_fs: don't free buffer prematurely
On 2019-03-20 04:55, fei.yang@...el.com wrote:
> From: Fei Yang <fei.yang@...el.com>
>
> The following kernel panic happens due to the io_data buffer getting
> deallocated before the async io is completed. Add a check for the case
> where the io_data buffer should be deallocated by ffs_user_copy_worker.
[snip]
Please add tag - 'Fixes: 772a7a724f6 ("usb: gadget: f_fs: Allow scatter-gather buffers")'
> ---
> drivers/usb/gadget/function/f_fs.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/gadget/function/f_fs.c
> b/drivers/usb/gadget/function/f_fs.c
> index 20413c2..47be961 100644
> --- a/drivers/usb/gadget/function/f_fs.c
> +++ b/drivers/usb/gadget/function/f_fs.c
> @@ -1133,7 +1133,8 @@ static ssize_t ffs_epfile_io(struct file *file,
> struct ffs_io_data *io_data)
> error_mutex:
> mutex_unlock(&epfile->mutex);
> error:
> - ffs_free_buffer(io_data);
> + if (ret != -EIOCBQUEUED) /* don't free if there is iocb queued */
> + ffs_free_buffer(io_data);
> return ret;
> }
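Review bot: the comment on the new `if (ret != -EIOCBQUEUED)` under the `error:` label says only that an iocb is queued, not who frees the buffer afterwards. The commit message names ffs_user_copy_worker as the owner in that case, so the comment should say so, for example `/* iocb queued: ffs_user_copy_worker frees the buffer */`, placed on its own line above the `if` rather than trailing it. Since -EIOCBQUEUED reaches this label without being a failure, it is also worth confirming that every other return value arriving at `error:` still leaves the buffer owned by this function, so the free here neither leaks nor runs twice.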