| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Mar 2019 06:12:11 +0000
From: "Yang, Fei" <fei.yang@...el.com>
To: Greg KH <gregkh@...uxfoundation.org>
CC: "balbi@...nel.org" <balbi@...nel.org>,
"andrzej.p@...labora.com" <andrzej.p@...labora.com>,
"plr.vincent@...il.com" <plr.vincent@...il.com>,
"Shen, JingX" <jingx.shen@...el.com>,
"john.stultz@...aro.org" <john.stultz@...aro.org>,
"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v3] usb: gadget: f_fs: don't free buffer prematurely
>> The following kernel panic happens due to the io_data buffer gets
>> deallocated before the async io is completed. Add a check for the case
>> where io_data buffer should be deallocated by ffs_user_copy_worker.
>>
>> [ 41.663334] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
>>
>> Fixes: 772a7a724f6 ("usb: gadget: f_fs: Allow scatter-gather buffers")
>> Signed-off-by: Fei Yang <fei.yang@...el.com>
>> Reviewed-by: Manu Gautam <mgautam@...eaurora.org>
>> Tested-by: John Stultz <john.stultz@...aro.org>
>> ---
>> v2: add tag: "Fixes: 772a7a724f6 ......", Reviewed-by and Tested-by.
>> v3: check data for NULL instead of "ret == -EIOCBQUEUED", which would be safer
>> and keep the original logic intact.
>
> If it "fixes" a problem in 5.0, we should add a:
> Cc: stable <stable@...r.kernel.org>
> to it as well.
Sent [PATCH v4] with Cc: stable
> thanks,
>
> greg k-h
Powered by blists - more mailing lists