forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/include/linux/usb
History
Oliver Neukum 2d4cf3d6f3 usbnet: include wait queue head in device structure 
[ Upstream commit 14a0d635d1 ]

This fixes a race which happens by freeing an object on the stack.
Quoting Julius:
> The issue is
> that it calls usbnet_terminate_urbs() before that, which temporarily
> installs a waitqueue in dev->wait in order to be able to wait on the
> tasklet to run and finish up some queues. The waiting itself looks
> okay, but the access to 'dev->wait' is totally unprotected and can
> race arbitrarily. I think in this case usbnet_bh() managed to succeed
> it's dev->wait check just before usbnet_terminate_urbs() sets it back
> to NULL. The latter then finishes and the waitqueue_t structure on its
> stack gets overwritten by other functions halfway through the
> wake_up() call in usbnet_bh().

The fix is to just not allocate the data structure on the stack.
As dev->wait is abused as a flag it also takes a runtime PM change
to fix this bug.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Reported-by: Grant Grundler <grundler@google.com>
Tested-by: Grant Grundler <grundler@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-04-14 06:42:18 -07:00
..
association.h
atmel_usba_udc.h
audio-v2.h
audio.h
c67x00.h
cdc-wdm.h
cdc_ncm.h
ch9.h
chipidea.h
composite.h usb: gadget: the start of the configfs interface 2013-04-03 14:43:32 +03:00
dwc3-omap.h
ehci_def.h
ehci_pdriver.h
ezusb.h
functionfs.h
g_hid.h
gadget.h Correct typo "supperspeed" to "superspeed". 2013-05-15 17:19:15 +03:00
gadget_configfs.h usb: gadget: the start of the configfs interface 2013-04-03 14:43:32 +03:00
gpio_vbus.h
hcd.h USB: fix build error when CONFIG_PM_SLEEP isn't enabled 2013-09-26 17:18:12 -07:00
input.h
intel_mid_otg.h
iowarrior.h
irda.h
isp116x.h
isp1301.h
isp1362.h
isp1760.h
m66592.h
msm_hsusb.h
msm_hsusb_hw.h
musb-omap.h
musb-ux500.h
musb.h
net2280.h
nop-usb-xceiv.h
ohci_pdriver.h
omap_control_usb.h
omap_usb.h
otg.h
phy.h
phy_companion.h
quirks.h
r8a66597.h
renesas_usbhs.h usb: renesas_usbhs: fixup sparse errors for common.c 2013-04-02 11:42:48 +03:00
rndis_host.h
samsung_usb_phy.h
serial.h USB: serial: add generic wait_until_sent implementation 2013-05-16 17:32:21 -07:00
sl811.h
storage.h
tegra_usb_phy.h usb: phy: tegra: don't call into tegra-ehci directly 2013-04-23 12:50:38 -07:00
tilegx.h
uas.h
ulpi.h
usbnet.h usbnet: include wait queue head in device structure 2014-04-14 06:42:18 -07:00
wusb-wa.h
wusb.h