forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Ming Lei 5b05ac638c usbnet: fix skb traversing races during unlink(v2) 
commit 5b6e9bcdeb upstream.

Commit 4231d47e6fe69f061f96c98c30eaf9fb4c14b96d(net/usbnet: avoid
recursive locking in usbnet_stop()) fixes the recursive locking
problem by releasing the skb queue lock before unlink, but may
cause skb traversing races:
	- after URB is unlinked and the queue lock is released,
	the refered skb and skb->next may be moved to done queue,
	even be released
	- in skb_queue_walk_safe, the next skb is still obtained
	by next pointer of the last skb
	- so maybe trigger oops or other problems

This patch extends the usage of entry->state to describe 'start_unlink'
state, so always holding the queue(rx/tx) lock to change the state if
the referd skb is in rx or tx queue because we need to know if the
refered urb has been started unlinking in unlink_urbs.

The other part of this patch is based on Huajun's patch:
always traverse from head of the tx/rx queue to get skb which is
to be unlinked but not been started unlinking.

Signed-off-by: Huajun Li <huajun.li.lee@gmail.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Cc: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-05-21 09:40:01 -07:00
..
accessibility
acpi ACPICA: Fix to allow region arguments to reference other scopes 2012-04-22 16:21:43 -07:00
amba
ata libata: skip old error history when counting probe trials 2012-05-07 08:56:39 -07:00
atm
auxdisplay
base PM / Driver core: leave runtime PM enabled during system shutdown 2012-03-19 08:57:44 -07:00
bcma
block cciss: Fix scsi tape io with more than 255 scatter gather elements 2012-04-22 16:21:24 -07:00
bluetooth Bluetooth: Add support for Atheros [04ca:3005] 2012-04-27 09:51:09 -07:00
cdrom cdrom: use copy_to_user() without the underscores 2012-02-29 16:34:35 -08:00
char TPM: Zero buffer after copying to userspace 2011-10-03 11:40:58 -07:00
clk
clocksource
connector
cpufreq powernow-k8: Fix indexing issue 2012-02-13 11:06:13 -08:00
cpuidle
crypto crypto: mv_cesa - fix final callback not ignoring input data 2012-03-12 10:32:56 -07:00
dca
dio
dma dmaengine: at_hdmac: remove clear-on-read in atc_dostart() 2012-05-07 08:56:33 -07:00
edac i7core_edac: fixed typo in error count calculation 2011-08-29 13:29:06 -07:00
eisa
firewire firewire: ohci: fix too-early completion of IR multichannel buffers 2012-04-02 09:27:13 -07:00
firmware efivars: Improve variable validation 2012-05-07 08:56:38 -07:00
gpio gpio/pca953x: Fix warning of enabled interrupts in handler 2012-02-20 12:48:11 -08:00
gpu drm/i915: fix integer overflow in i915_gem_do_execbuffer() 2012-05-07 08:56:34 -07:00
hid HID: add more hotkeys in Asus AIO keyboards 2012-04-02 09:27:12 -07:00
hwmon hwmon: (coretemp) fix oops on cpu unplug 2012-05-07 08:56:39 -07:00
hwspinlock hwspinlock/core: use a mutex to protect the radix tree 2011-11-11 09:36:31 -08:00
i2c i2c: pnx: Disable clk in suspend 2012-05-07 08:56:39 -07:00
ide block: add and use scsi_blk_cmd_ioctl 2012-01-25 17:24:54 -08:00
idle intel_idle: fix API misuse 2012-01-25 17:24:56 -08:00
ieee802154
infiniband IB/iser: Post initial receive buffers before sending the final login request 2012-04-02 09:27:10 -07:00
input Input: ALPS - fix touchpad detection when buttons are pressed 2012-03-12 10:33:00 -07:00
isdn net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-08-15 18:31:38 -07:00
leds Revert "leds: save the delay values after a successful call to blink_set()" 2011-11-21 14:31:19 -08:00
lguest
macintosh
mca
md md/bitmap: prevent bitmap_daemon_work running while initialising bitmap 2012-04-22 16:21:44 -07:00
media media: rc-core: set mode for winbond-cir 2012-04-27 09:51:06 -07:00
memstick
message
mfd mfd: Clear twl6030 IRQ status register only once 2012-04-13 08:14:08 -07:00
misc pch_phub: Improve ADE(Address Decode Enable) control 2012-04-22 16:21:42 -07:00
mmc mmc: unbreak sdhci-esdhc-imx on i.MX25 2012-05-07 08:56:35 -07:00
mtd mtd: m25p80: set writebufsize 2012-04-13 08:14:05 -07:00
net usbnet: fix skb traversing races during unlink(v2) 2012-05-21 09:40:01 -07:00
nfc
nubus
of
oprofile oprofile: Fix uninitialized memory access when writing to writing to oprofilefs 2012-01-06 14:13:51 -08:00
parisc
parport
pci PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs 2012-04-27 09:51:08 -07:00
pcmcia pcmcia: fix socket refcount decrementing on each resume 2012-02-13 11:06:10 -08:00
platform sony-laptop: Enable keyboard backlight by default 2012-05-21 09:40:00 -07:00
pnp PNPACPI: Fix device ref leaking in acpi_pnp_match 2012-04-13 08:14:05 -07:00
power drivers/power/ds2780_battery.c: fix deadlock upon insertion and removal 2011-11-11 09:36:32 -08:00
pps
ps3
ptp ptp: Fix clock_getres() implementation 2011-12-21 12:57:36 -08:00
rapidio rapidio: fix use of non-compatible registers 2011-10-03 11:39:46 -07:00
regulator regulator: Fix the logic to ensure new voltage setting in valid range 2012-05-21 09:39:58 -07:00
rtc drivers/rtc/rtc-pl031.c: enable clock on all ST variants 2012-04-22 16:21:23 -07:00
s390 compat: Re-add missing asm/compat.h include to fix compile breakage on s390 2012-03-19 08:57:59 -07:00
sbus
scsi SCSI: libsas: fix false positive 'device attached' conditions 2012-05-07 08:56:37 -07:00
sfi
sh
sn
spi spi: Fix device unregistration when unregistering the bus master 2012-04-27 09:51:09 -07:00
ssb ssb: fix init regression with SoCs 2012-01-06 14:13:48 -08:00
staging brcm80211: smac: resume transmit fifo upon receiving frames 2012-05-07 08:56:34 -07:00
target target: Fix 16-bit target ports for SET TARGET PORT GROUPS emulation 2012-04-02 09:27:12 -07:00
tc
telephony
thermal
tty drivers/tty/amiserial.c: add missing tty_unlock 2012-04-27 09:51:07 -07:00
uio
usb usb gadget: uvc: uvc_request_data::length field must be signed 2012-05-07 08:56:36 -07:00
uwb uwb: fix error handling 2012-04-27 09:51:06 -07:00
vhost
video video:uvesafb: Fix oops that uvesafb try to execute NX-protected page 2012-04-22 16:21:24 -07:00
virtio virtio-pci: fix use after free 2011-11-21 14:31:14 -08:00
vlynq
w1 drivers/power/ds2780_battery.c: add a nolock function to w1 interface 2011-11-11 09:36:32 -08:00
watchdog watchdog: hpwdt: clean up set_memory_x call for 32 bit 2012-03-12 10:32:40 -07:00
xen xen/xenbus: Add quirk to deal with misconfigured backends. 2012-04-27 09:51:05 -07:00
zorro zorro: Defer device_register() until all devices have been identified 2011-10-03 11:40:57 -07:00
Kconfig
Makefile