shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-03 03:33:01 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
c85a71fe7684ec4c00a71458bfcf148904256721
linux/drivers/usb/host
History
Jia-Ju Bai 55b3d640c3 usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() 
commit c85400f886 upstream.

The function r8a66597_endpoint_disable() and r8a66597_urb_enqueue() may
be concurrently executed.
The two functions both access a possible shared variable "hep->hcpriv".

This shared variable is freed by r8a66597_endpoint_disable() via the
call path:
r8a66597_endpoint_disable
  kfree(hep->hcpriv) (line 1995 in Linux-4.19)

This variable is read by r8a66597_urb_enqueue() via the call path:
r8a66597_urb_enqueue
  spin_lock_irqsave(&r8a66597->lock)
  init_pipe_info
    enable_r8a66597_pipe
      pipe = hep->hcpriv (line 802 in Linux-4.19)

The read operation is protected by a spinlock, but the free operation
is not protected by this spinlock, thus a concurrency use-after-free bug
may occur.

To fix this bug, the spin-lock and spin-unlock function calls in
r8a66597_endpoint_disable() are moved to protect the free operation.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-09 17:14:47 +01:00
..
whci
USB: whci-hcd: constify hc_driver structures
2017-07-30 07:26:52 -07:00
bcma-hcd.c
USB: bcma: drop Northstar PHY 2.0 initialization code
2016-09-27 12:20:17 +02:00
ehci-atmel.c
usb: ehci-atmel: use __maybe_unused to hide pm functions
2016-03-03 20:37:41 -08:00
ehci-dbg.c
usb: host: fix incorrect updating of offset
2017-12-10 13:40:44 +01:00
ehci-exynos.c
usb: host: ehci-exynos: Handle return value of clk_prepare_enable
2017-06-13 10:48:24 +02:00
ehci-fsl.c
usb: host: make ehci_fsl_overrides const and __initconst
2017-08-31 18:08:46 +02:00
ehci-fsl.h
drivers: usb: fsl: Define usb control register mask for w1c bits
2015-07-22 16:44:35 -07:00
ehci-grlib.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-hcd.c
usb: host: Remove remaining pci_pool in comments
2017-03-16 18:03:31 +09:00
ehci-hub.c
usb: host: ehci: use correct device pointer for dma ops
2018-02-28 10:19:42 +01:00
ehci-mem.c
usb: ehci: use bus->sysdev for DMA configuration
2017-03-23 08:20:21 +01:00
ehci-msm.c
usb: host: ehci-msm: Conditionally call ehci suspend/resume
2016-06-07 22:15:25 -07:00
ehci-mv.c
host: ehci-mv: remove duplicate check on resource
2014-11-07 09:01:50 -08:00
ehci-mxc.c
host: ehci-mxc: remove duplicate check on resource
2014-11-07 09:01:50 -08:00
ehci-omap.c
usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
2017-08-10 11:36:50 -07:00
ehci-orion.c
usb: orion-ehci: Add support for the Armada 3700
2017-03-17 13:32:59 +09:00
ehci-pci.c
USB: EHCI: merge all cases that disable the IO watchdog
2016-10-24 14:36:25 +02:00
ehci-platform.c
USB: ehci-platform: fix companion-device leak
2017-05-17 11:52:44 +02:00
ehci-pmcmsp.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-ppc-of.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-ps3.c
usb: hcd: move controller wakeup setting initialization to individual driver
2013-12-08 18:06:46 -08:00
ehci-q.c
usb: host: ehci: remove unnecessary max_packet() macro
2016-11-03 10:38:24 +02:00
ehci-sched.c
usb: host: remove unnecessary null check
2017-05-17 12:20:53 +02:00
ehci-sh.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-spear.c
usb/host/: const data must use __initconst not __initdata
2016-04-28 12:35:36 -07:00
ehci-st.c
usb: host: ehci-st: Inform the reset framework that our reset line may be shared
2016-06-30 07:44:21 +01:00
ehci-sysfs.c
usb: host: ehci-sys: delete useless bus_to_hcd conversion
2015-08-18 10:05:23 -07:00
ehci-tegra.c
usb: host: ehci-tegra: Avoid getting the same reset twice
2016-06-07 22:15:25 -07:00
ehci-tilegx.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-timer.c
usb: Make use of ktime_* comparison functions
2017-06-03 18:08:04 +09:00
ehci-w90x900.c
USB: EHCI: ehci-w90x900: remove unuseful functions
2016-11-29 17:36:43 +01:00
ehci-xilinx-of.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci.h
fsl/usb: Workarourd for USB erratum-A005697
2016-12-05 15:13:58 +01:00
fhci-dbg.c
drivers/usb/host/fhci-dbg.c: remove unnecessary null test before debugfs_remove
2014-07-09 16:13:03 -07:00
fhci-hcd.c
usb: host: fhci-hcd: don't print on ENOMEM
2016-08-30 19:17:37 +02:00
fhci-hub.c
QE: Move QE from arch/powerpc to drivers/soc
2015-12-22 17:12:56 -06:00
fhci-mem.c
USB: make hcd.h public (drivers dependency)
2010-05-20 13:21:30 -07:00
fhci-q.c
USB: make hcd.h public (drivers dependency)
2010-05-20 13:21:30 -07:00
fhci-sched.c
USB: FHCI: avoid redundant condition
2016-05-09 13:08:46 +02:00
fhci-tds.c
usb: whci: fhci: remove comparison to bool
2015-12-04 08:25:58 -08:00
fhci.h
QE: Move QE from arch/powerpc to drivers/soc
2015-12-22 17:12:56 -06:00
fotg210-hcd.c
usb: Make use of ktime_* comparison functions
2017-06-03 18:08:04 +09:00
fotg210.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fsl-mph-dr-of.c
usb: Convert to using %pOF instead of full_name
2017-07-22 15:56:53 +02:00
hwa-hc.c
USB: check usb_get_extra_descriptor for proper size
2018-12-13 09:18:51 +01:00
imx21-dbg.c
usb: kill DEBUG compile option
2013-12-03 10:34:33 -08:00
imx21-hcd.c
usb: imx21-hcd: make imx21_hc_driver const
2017-08-31 18:08:46 +02:00
imx21-hcd.h
usb: kill DEBUG compile option
2013-12-03 10:34:33 -08:00
isp116x-hcd.c
isp116x-hcd: constify hc_driver structures
2017-07-30 07:26:52 -07:00
isp116x.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
isp1362-hcd.c
isp1362-hcd: constify hc_driver structures
2017-07-30 07:26:51 -07:00
isp1362.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
Kconfig
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
2018-02-22 15:42:31 +01:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
max3421-hcd.c
usb: host: max3421-hcd: constify hc_driver structures
2017-07-30 07:26:51 -07:00
ohci-at91.c
usb: host: ohci-at91: fix request of irq for optional gpio
2018-11-13 11:14:57 -08:00
ohci-da8xx.c
USB: ohci: da8xx: Resume the entire host controller
2016-11-29 17:31:36 +01:00
ohci-dbg.c
USB: ohci-dbg.c: move assignment out of if () block
2015-05-10 16:01:11 +02:00
ohci-exynos.c
usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths
2017-01-10 17:00:42 +01:00
ohci-hcd.c
USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
2018-05-25 16:17:38 +02:00
ohci-hub.c
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
2018-02-28 10:19:41 +01:00
ohci-mem.c
USB: OHCI: use dma_pool_zalloc
2016-11-21 17:33:40 +01:00
ohci-nxp.c
USB: OHCI: nxp: fix code warnings
2016-12-08 17:50:09 +01:00
ohci-omap.c
mfd: tps65010: Move header file out of I2C realm
2017-08-15 08:27:22 +01:00
ohci-pci.c
ohci-pci: add qemu quirk
2017-03-23 08:13:21 +01:00
ohci-platform.c
usb: host: ohci-platform: Add support for omap3 and later
2017-06-03 18:08:04 +09:00
ohci-ppc-of.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ohci-ps3.c
usb: hcd: move controller wakeup setting initialization to individual driver
2013-12-08 18:06:46 -08:00
ohci-pxa27x.c
usb: host: ohci-pxa27x: Handle return value of clk_prepare_enable
2017-06-29 14:49:06 +02:00
ohci-q.c
usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
2018-02-28 10:19:42 +01:00
ohci-s3c2410.c
USB: OHCI: ohci-s3c2410: remove useless functions
2016-12-05 16:32:51 +01:00
ohci-sa1111.c
usb: ohci-sa1111: remove mach/hardware.h include
2016-08-30 19:24:59 +02:00
ohci-sm501.c
dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags
2017-09-01 11:59:17 +02:00
ohci-spear.c
usb: host: ohci-spear: Fix module autoload for OF platform driver
2015-10-04 10:51:58 +01:00
ohci-st.c
usb: host: ohci-st: Inform the reset framework that our reset line may be shared
2016-06-30 07:44:20 +01:00
ohci-tilegx.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ohci-tmio.c
dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags
2017-09-01 11:59:17 +02:00
ohci.h
ohci-pci: add qemu quirk
2017-03-23 08:13:21 +01:00
oxu210hp-hcd.c
usb: host: Remove remaining pci_pool in comments
2017-03-16 18:03:31 +09:00
oxu210hp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
pci-quirks.c
xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-30 07:51:56 +02:00
pci-quirks.h
xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-30 07:51:56 +02:00
r8a66597-hcd.c
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
2019-01-09 17:14:47 +01:00
r8a66597.h
usb/host/r8a66597: remove conditional compilation of clk code
2012-07-30 17:25:12 -07:00
sl811_cs.c
usb: delete non-required instances of include <linux/init.h>
2014-01-08 15:01:39 -08:00
sl811-hcd.c
usb: host/sl811-hcd: constify hc_driver structures
2017-07-30 07:26:51 -07:00
sl811.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ssb-hcd.c
USB: ssb: use devm_kzalloc
2015-06-08 14:26:22 -07:00
u132-hcd.c
usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
2018-09-26 08:38:07 +02:00
uhci-debug.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-grlib.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-hcd.c
usb/uhci: Add support for Aspeed BMC SoCs
2017-05-25 14:30:13 +02:00
uhci-hcd.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-hub.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-pci.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-platform.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-q.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xhci-dbg.c
usb: xhci: remove xhci_dbg_ctx()
2017-04-08 12:17:42 +02:00
xhci-ext-caps.h
usb: host: xhci: remove unneded semicolon
2017-01-25 10:59:06 +01:00
xhci-hub.c
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
2018-12-29 13:39:08 +01:00
xhci-mem.c
xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
2018-07-17 11:39:26 +02:00
xhci-mtk-sch.c
usb: host: xhci: purge GET_MAX_PACKET()
2016-11-03 10:38:22 +02:00
xhci-mtk.c
usb: xhci-mtk: resume USB3 roothub first
2018-10-13 09:27:26 +02:00
xhci-mtk.h
usb: xhci-mtk: add reference clock
2017-01-19 10:37:16 +01:00
xhci-mvebu.c
usb: host: xhci: plat: change type of mvebu init_quirk()
2016-04-26 16:08:02 -07:00
xhci-mvebu.h
usb: host: xhci: plat: change type of mvebu init_quirk()
2016-04-26 16:08:02 -07:00
xhci-pci.c
xhci: workaround CSS timeout on AMD SNPS 3.0 xHC
2018-12-13 09:18:52 +01:00
xhci-plat.c
usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume timing"
2018-05-25 16:17:38 +02:00
xhci-plat.h
usb: host: xhci-plat: add resume_quirk()
2017-04-19 19:59:17 +02:00
xhci-rcar.c
usb: host: xhci-rcar: add support for r8a77965
2018-03-19 08:42:45 +01:00
xhci-rcar.h
usb: host: xhci-plat: set resume_quirk() for R-Car controllers
2017-04-19 19:59:17 +02:00
xhci-ring.c
usb: xhci: fix uninitialized completion when USB3 port got wrong status
2018-12-01 09:42:59 +01:00
xhci-tegra.c
usb: xhci: remove the code build warning
2018-08-24 13:09:06 +02:00
xhci-trace.c
xhci: Export symbols used by host-controller drivers
2014-10-03 14:44:45 -07:00
xhci-trace.h
xhci: Fix kernel oops in trace_xhci_free_virt_device
2018-07-08 15:30:47 +02:00
xhci.c
xhci: Prevent U1/U2 link pm states if exit latency is too long
2018-12-13 09:18:52 +01:00
xhci.h
USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd
2018-12-29 13:39:08 +01:00