lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <99a757d9-a17f-47dd-8a52-7994fc5d1e53@ideasonboard.com>
Date:   Thu, 2 Nov 2023 11:38:32 +0000
From:   Dan Scally <dan.scally@...asonboard.com>
To:     Avichal Rakesh <arakesh@...gle.com>
Cc:     etalvala@...gle.com, gregkh@...uxfoundation.org,
        jchowdhary@...gle.com, laurent.pinchart@...asonboard.com,
        linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
        m.grzeschik@...gutronix.de
Subject: Re: [PATCH v10 2/4] usb: gadget: uvc: Allocate uvc_requests one at a
 time


On 01/11/2023 22:13, Avichal Rakesh wrote:
>
> On 11/1/23 04:06, Dan Scally wrote:
>> Morning Avichal
>>
>> On 30/10/2023 20:22, Avichal Rakesh wrote:
>>> Currently, the uvc gadget driver allocates all uvc_requests as one array
>>> and deallocates them all when the video stream stops. This includes
>>> de-allocating all the usb_requests associated with those uvc_requests.
>>> This can lead to use-after-free issues if any of those de-allocated
>>> usb_requests were still owned by the usb controller.
>>>
>>> This patch is 1 of 2 patches addressing the use-after-free issue.
>>> Instead of bulk allocating all uvc_requests as an array, this patch
>>> allocates uvc_requests one at a time, which should allows for similar
>>> granularity when deallocating the uvc_requests. This patch has no
>>> functional changes other than allocating each uvc_request separately,
>>> and similarly freeing each of them separately.
>>>
>>> Link: https://lore.kernel.org/7cd81649-2795-45b6-8c10-b7df1055020d@google.com
>>> Suggested-by: Michael Grzeschik <m.grzeschik@...gutronix.de>
>>> Reviewed-by: Michael Grzeschik <m.grzeschik@...gutronix.de>
>>> Tested-by: Michael Grzeschik <m.grzeschik@...gutronix.de>
>>> Signed-off-by: Avichal Rakesh <arakesh@...gle.com>
>>
>> Thanks for the update; this seems ok now:
>>
>>
>> Reviewed-by: Daniel Scally <dan.scally@...asonboard.com>
> Awesome, thank you! I'll add the Reviewed-by in the next patchset
> (assuming you have more review comments on patch 4/4 v10).


Sorry yes - taking me a while to wrap my head around everything but I hope to be done shortly!

>
> Regards,
> Avi.
>
>>> ---
>>> v1 -> v2 : Rebased to ToT
>>> v2 -> v3 : Fix email threading goof-up
>>> v3 -> v4 : Address review comments & re-rebase to ToT
>>> v4 -> v5 : Address more review comments. Add Reviewed-by & Tested-by.
>>> v5 -> v6 : No change
>>> v6 -> v7 : No change
>>> v7 -> v8 : No change. Getting back in review queue
>>> v8 -> v9 : Address review comments.
>>> v9 -> v10: Address review comments; remove BUG_ON(&video->reqs);
>>>              Rebase to ToT (usb-next)
>>>
>>>    <snip>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ