mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-04-13 15:32:15 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
16e80218816488f016418717d23c660abe073a67
linux/drivers
History
Douglas Anderson 16e8021881 usb: dwc2: host: Avoid use of chan->qh after qh freed 
When poking around with USB devices with slub_debug enabled, I found
another obvious use after free.  Turns out that in dwc2_hc_n_intr() I
was in a state when the contents of chan->qh was filled with 0x6b,
indicating that chan->qh was freed but chan still had a reference to
it.

Let's make sure that whenever we free qh we also make sure we remove a
reference from its channel.

The bug fixed here doesn't appear to be new--I believe I just got lucky
and happened to see it while stress testing.

Acked-by: John Youn <johnyoun@synopsys.com>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2016-03-04 15:14:40 +02:00
..
accessibility
acpi
Merge tag 'pci-v4.5-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2016-02-27 12:33:42 -08:00
amba
android
drivers: android: correct the size of struct binder_uintptr_t for BC_DEAD_BINDER_DONE
2016-02-20 15:43:56 -08:00
ata
ahci: Intel DNV device IDs SATA
2016-02-10 11:35:55 -05:00
atm
atm: solos-pci: use to_pci_dev()
2015-12-29 15:32:24 -05:00
auxdisplay
base
Merge branch 'component' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
2016-02-14 10:40:21 -08:00
bcma
Merge tag 'gpio-v4.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
2016-01-17 12:32:01 -08:00
block
null_blk: oops when initializing without lightnvm
2016-02-11 08:56:09 -07:00
bluetooth
Bluetooth: btmrvl: don't send data to firmware while processing suspend
2016-01-06 16:37:14 +01:00
bus
Merge tag 'vexpress-for-v4.5/fixes-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into fixes
2016-02-01 12:27:18 -08:00
cdrom
cdrom: don't open-code memdup_user()
2016-01-06 08:25:24 -05:00
char
drivers: char: random: add get_random_long()
2016-02-27 10:28:52 -08:00
clk
clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
2016-02-22 14:03:02 -08:00
clocksource
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2016-01-31 15:49:06 -08:00
connector
connector: bump skb->users before callback invocation
2016-01-04 21:46:45 -05:00
cpufreq
Merge branches 'pm-cpuidle', 'pm-cpufreq', 'pm-domains' and 'pm-sleep'
2016-01-29 21:45:17 +01:00
cpuidle
Merge branches 'pm-cpuidle', 'pm-cpufreq', 'pm-domains' and 'pm-sleep'
2016-01-29 21:45:17 +01:00
crypto
crypto: marvell/cesa - fix test in mv_cesa_dev_dma_init()
2016-02-06 15:23:56 +08:00
dca
devfreq
PM / devfreq: tegra: Set freq in rate callback
2016-02-23 14:27:42 +09:00
dio
dma
dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer
2016-02-15 22:19:32 +05:30
dma-buf
edac
EDAC, i5100: Use to_delayed_work()
2016-01-01 18:31:34 +01:00
eisa
extcon
firewire
firmware
efi: Add pstore variables to the deletion whitelist
2016-02-16 12:48:18 +00:00
fmc
fpga
gpio
gpio: davinci: Fix the number of controllers allocated
2016-02-10 11:00:49 +01:00
gpu
drm/nouveau/disp/dp: ensure sink is powered up before attempting link training
2016-02-25 13:15:43 +10:00
hid
Merge tag 'asm-generic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic
2016-01-20 17:30:20 -08:00
hsi
HSI: omap_ssi_port: fix handling of_get_named_gpio result
2016-01-07 16:07:54 +01:00
hv
Merge tag 'char-misc-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2016-01-13 10:23:36 -08:00
hwmon
hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook
2016-02-19 17:14:25 -08:00
hwspinlock
drivers/hwspinlock: fix race between radix tree insertion and lookup
2016-02-03 08:28:43 -08:00
hwtracing
i2c
i2c: i801: Adding Intel Lewisburg support for iTCO
2016-02-18 13:18:48 +01:00
ide
drivers/ide: make ide-scan-pci.c driver explicitly non-modular
2016-01-18 14:12:33 -05:00
idle
iio
Merge tag 'iio-fixes-for-4.5b' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus
2016-02-01 13:08:26 -08:00
infiniband
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-02-22 12:18:07 -08:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2016-02-10 12:21:57 -08:00
iommu
Merge tag 'for-linus-20160216' of git://git.infradead.org/intel-iommu
2016-02-16 08:04:06 -08:00
ipack
irqchip
irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size
2016-02-17 17:39:05 +00:00
isdn
ser_gigaset: use container_of() instead of detour
2016-02-19 15:52:41 -05:00
leds
Merge tag 'gpio-v4.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
2016-01-17 12:32:01 -08:00
lguest
lguest: Map switcher text R/O
2016-01-12 12:17:28 +01:00
lightnvm
lightnvm: allow to force mm initialization
2016-02-04 09:19:45 -07:00
macintosh
mailbox
mailbox: Fix dependencies for !HAS_IOMEM archs
2016-02-02 16:47:14 +05:30
mcb
md
dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths
2016-02-21 20:27:50 -05:00
media
[media] saa7134-alsa: Only frees registered sound cards
2016-02-04 16:26:10 -02:00
memory
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2016-01-20 18:42:30 -08:00
memstick
memstick: use sector_div instead of do_div
2016-01-20 17:09:18 -08:00
message
mfd
thermal: allow u8500-thermal driver to be a module
2016-02-09 14:18:23 -08:00
misc
mei: validate request value in client notify request ioctl
2016-02-06 22:12:56 -08:00
mmc
mmc: omap_hsmmc: Fix PM regression with deferred probe for pm_runtime_reinit
2016-02-15 14:10:48 +01:00
mtd
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2016-01-24 12:50:56 -08:00
net
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-02-22 12:18:07 -08:00
nfc
nfc: pn544: Remove i2c client gpio irq configuration
2015-12-29 19:06:23 +01:00
ntb
NTB: Fix macro parameter conflict with field name
2016-01-21 19:53:10 -05:00
nubus
nvdimm
nvdimm: use 'u64' for pfn flags
2016-02-23 17:17:20 -08:00
nvme
NVMe: Rate limit nvme IO warnings
2016-02-12 08:10:31 -07:00
nvmem
nvmem: qfprom: Specify LE device endianness
2016-02-07 23:09:13 -08:00
of
Merge tag 'devicetree-fixes-for-4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
2016-02-17 11:50:53 -08:00
oprofile
wrappers for ->i_mutex access
2016-01-22 18:04:28 -05:00
parisc
parisc: convert to dma_map_ops
2016-01-20 17:09:18 -08:00
parport
parport: avoid assignment in if
2016-01-03 16:32:59 -08:00
pci
Merge tag 'pci-v4.5-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2016-02-27 12:33:42 -08:00
pcmcia
perf
phy
phy: twl4030-usb: Fix unbalanced pm_runtime_enable on module reload
2016-02-10 11:46:01 +05:30
pinctrl
pinctrl: samsung: fix SMP race condition
2016-02-15 20:45:50 +01:00
platform
intel_scu_ipcutil: underflow in scu_reg_access()
2016-01-30 09:40:35 -08:00
pnp
PNP: Add Haswell-ULT to Intel MCH size workaround
2016-02-03 01:00:29 +01:00
power
power: bq27xxx_battery: Restore device name
2016-02-21 20:49:34 +01:00
powercap
Merge branch 'powercap'
2016-01-12 01:12:40 +01:00
pps
ps3
ptp
ptp: ixp46x: use helpers for converting ns to timespec
2016-01-29 12:38:59 -08:00
pwm
pwm: Mark all devices as "might sleep"
2016-01-21 15:04:59 +01:00
rapidio
rapidio: use kobj_to_dev()
2016-01-20 17:09:18 -08:00
ras
regulator
Merge tag 'regulator-v4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
2016-01-15 12:14:47 -08:00
remoteproc
virtio: make find_vqs() checkpatch.pl-friendly
2016-01-12 20:47:06 +02:00
reset
rpmsg
virtio: make find_vqs() checkpatch.pl-friendly
2016-01-12 20:47:06 +02:00
rtc
Merge tag 'rtc-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux
2016-01-18 12:10:45 -08:00
s390
s390/dasd: fix performance drop
2016-02-17 09:24:07 +01:00
sbus
convert a bunch of open-coded instances of memdup_user_nul()
2016-01-04 10:26:58 -05:00
scsi
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2016-02-18 16:24:48 -08:00
sfi
sh
drivers: sh: Restore legacy clock domain on SuperH platforms
2016-02-25 09:05:19 +09:00
sn
soc
Merge tag 'armsoc-tegra' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2016-01-22 17:30:52 -08:00
spi
Merge remote-tracking branches 'spi/fix/atmel', 'spi/fix/bcm2835aux', 'spi/fix/fsl-espi', 'spi/fix/imx', 'spi/fix/loopback' and 'spi/fix/omap2-mcspi' into spi-linus
2016-02-12 23:04:41 +00:00
spmi
ssb
ssb: mark ssb_bus_register as __maybe_unused
2016-01-19 21:25:57 +02:00
staging
Merge tag 'staging-4.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2016-02-06 22:13:16 -08:00
target
target/transport: add flag to indicate CPU Affinity is observed
2016-02-10 23:08:55 -08:00
tc
thermal
thermal: cpu_cooling: fix out of bounds access in time_in_idle
2016-02-11 07:13:29 -08:00
thunderbolt
tty
Revert "8250: uniphier: allow modular build with 8250 console"
2016-02-07 18:22:54 -08:00
uio
usb
usb: dwc2: host: Avoid use of chan->qh after qh freed
2016-03-04 15:14:40 +02:00
uwb
vfio
vfio/noiommu: Don't use iommu_present() to track fake groups
2016-01-27 11:22:25 -07:00
vhost
video
video: fbdev: imxfb: Provide a reset mechanism
2016-01-29 14:20:16 +02:00
virt
virtio
virtio_pci: fix use after free on release
2016-01-26 10:18:28 +02:00
vlynq
vme
w1
watchdog
watchdog: Fix dependencies for !HAS_IOMEM archs
2016-01-31 16:54:36 +01:00
xen
Merge tag 'for-linus-4.5-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
2016-02-22 13:57:01 -08:00
zorro
Kconfig
Makefile