malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
msm-4.14/drivers
History
Oliver Neukum 516a1a07f0 USB: fix race leading to a write after kfree in usbfs 
this fixes a race between async_completed() and proc_reapurbnonblock().

CPU A                   CPU B

spin_lock(&ps->lock);
list_move_tail(&as->asynclist, &ps->async_completed);
spin_unlock(&ps->lock);

                                if (!(as = async_getcompleted(ps)))
                                        return -EAGAIN;
                                return processcompl(as, (void __user * __user *)arg);

processcompl() calls free_async() which calls kfree(as)

as->status = urb->status;
if (as->signr) {
        sinfo.si_signo = as->signr;
        sinfo.si_errno = as->status;
        sinfo.si_code = SI_ASYNCIO;
        sinfo.si_addr = as->userurb;
        kill_pid_info_as_uid(as->signr, &sinfo, as->pid, as->uid,
                              as->euid, as->secid);
}
snoop(&urb->dev->dev, "urb complete\n");
snoop_urb(urb, as->userurb);

write after kfree

Signed-off-by: Oliver Neukum <oliver@neukum.org>
2009-07-12 15:16:40 -07:00
..
accessibility
acpi
ACPI: video: prevent NULL deref in acpi_get_pci_dev()
2009-06-26 00:23:42 -04:00
amba
[ARM] amba: fix amba device resources
2009-07-05 22:39:08 +01:00
ata
libata: don't set IORDY for reset
2009-06-23 01:54:30 -04:00
atm
auxdisplay
base
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6
2009-07-08 09:35:22 -07:00
block
Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd
2009-07-10 19:12:24 -07:00
bluetooth
cdrom
char
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
clocksource
clocksource: sh_tmu: Make undefined TCOR behaviour less undefined.
2009-06-24 21:08:11 +09:00
connector
cpufreq
[CPUFREQ] Fix compile failure in cpufreq.c
2009-07-08 19:04:23 -04:00
cpuidle
crypto
dca
dio
dma
DMA: txx9dmac: use dma_unmap_single if DMA_COMPL_{SRC,DEST}_UNMAP_SINGLE set
2009-06-24 18:34:40 +01:00
edac
edac: add DDR3 memory type for MPC85xx EDAC
2009-06-30 18:55:59 -07:00
eisa
firewire
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
2009-07-06 14:03:44 -07:00
firmware
gpio
Update Yoichi Yuasa's e-mail address
2009-07-03 15:45:29 +01:00
gpu
drm/i915: Fix for LVDS VBT change on IGDNG
2009-07-10 14:11:06 -07:00
hid
hwmon
i2c
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
ide
Revert "ide: improve handling of Power Management requests"
2009-07-06 12:39:27 -07:00
idle
ieee1394
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
2009-07-06 14:03:44 -07:00
ieee802154
infiniband
Merge branches 'ehca', 'misc', 'mlx4', 'mthca' and 'nes' into for-linus
2009-06-23 10:38:47 -07:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2009-07-08 09:32:41 -07:00
isdn
gigaset: drop pointless check
2009-07-02 13:16:46 -07:00
leds
Update Yoichi Yuasa's e-mail address
2009-07-03 15:45:29 +01:00
lguest
eventfd: revised interface and cleanups
2009-06-30 18:55:58 -07:00
macintosh
powerpc/pmac: Fix DMA ops for MacIO devices
2009-06-26 14:37:25 +10:00
mca
md
Fix congestion_wait() sync/async vs read/write confusion
2009-07-10 20:31:53 +02:00
media
V4L/DVB (12203): radio-si470x: fix lock imbalance
2009-07-05 19:21:49 -03:00
memstick
message
fusion: mptsas, fix lock imbalance
2009-06-22 08:54:14 -05:00
mfd
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2009-07-08 09:32:41 -07:00
misc
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
mmc
spi: add spi_master flag word
2009-06-30 18:56:00 -07:00
mtd
UBI: fix compilation warnings
2009-07-08 10:15:41 +03:00
net
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
2009-07-09 20:33:18 -07:00
nubus
of
oprofile
oprofile: reset bt_lost_no_mapping with other stats
2009-07-10 12:35:36 +02:00
parisc
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
parport
parport/serial: add support for NetMos 9901 Multi-IO card
2009-06-30 18:55:59 -07:00
pci
intel-iommu: Fix intel_iommu_unmap_range() with size 0
2009-07-08 09:35:10 -07:00
pcmcia
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
platform
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
2009-07-09 20:33:18 -07:00
pnp
Merge branches 'acerhdf', 'acpi-pci-bind', 'bjorn-pci-root', 'bugzilla-12904', 'bugzilla-13121', 'bugzilla-13396', 'bugzilla-13533', 'bugzilla-13612', 'c3_lock', 'hid-cleanups', 'misc-2.6.31', 'pdc-leak-fix', 'pnpacpi', 'power_nocheck', 'thinkpad_acpi', 'video' and 'wmi' into release
2009-06-24 01:19:50 -04:00
power
pps
ps3
rapidio
regulator
rtc
rtc: ds1374, fix lock imbalance
2009-07-06 13:57:03 -07:00
s390
[S390] improve suspend/resume error messages
2009-07-07 16:37:53 +02:00
sbus
scsi
block: fix sg SG_DXFER_TO_FROM_DEV regression
2009-07-10 20:31:53 +02:00
serial
Remove multiple KERN_ prefixes from printk formats
2009-07-08 10:30:03 -07:00
sh
sn
spi
spi: bitbang bugfix in message setup
2009-06-30 18:56:00 -07:00
ssb
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
2009-07-09 20:33:18 -07:00
staging
Staging: octeon-ethernet: Fix race freeing transmit buffers.
2009-06-24 18:34:41 +01:00
tc
telephony
thermal
uio
usb
USB: fix race leading to a write after kfree in usbfs
2009-07-12 15:16:40 -07:00
uwb
video
mx3fb: fix regression with uninitalized fb_info->mm_lock mutex
2009-07-09 20:44:44 -07:00
virtio
vlynq
vlynq: fix typo in Kconfig to enable debugging
2009-07-06 13:57:03 -07:00
w1
Merge git://git.infradead.org/battery-2.6
2009-06-24 14:35:57 -07:00
watchdog
[WATCHDOG] w83627hf_wdt.c: add support for the W83627EHF support
2009-07-09 18:29:45 +00:00
xen
xen: Use kcalloc() in xen_init_IRQ()
2009-07-01 11:19:47 +02:00
zorro
Kconfig
Makefile