mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 15:18:19 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/usb/gadget
History
Jerome Brunet 068fdad204 usb: gadget: u_audio: fix race condition on endpoint stop 
If the endpoint completion callback is call right after the ep_enabled flag
is cleared and before usb_ep_dequeue() is call, we could do a double free
on the request and the associated buffer.

Fix this by clearing ep_enabled after all the endpoint requests have been
dequeued.

Fixes: 7de8681be2 ("usb: gadget: u_audio: Free requests only after callback")
Cc: stable <stable@vger.kernel.org>
Reported-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Link: https://lore.kernel.org/r/20210827092927.366482-1-jbrunet@baylibre.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-08-27 16:07:23 +02:00
..
function usb: gadget: u_audio: fix race condition on endpoint stop 2021-08-27 16:07:23 +02:00
legacy usb: gadget: hid: fix error return code in hid_bind() 2021-06-21 11:27:54 +02:00
udc usb: gadget: remove leaked entry from udc driver list 2021-07-27 15:54:01 +02:00
composite.c usb: gadget: composite: Report various SSP sublink speeds 2021-01-18 18:41:11 +01:00
config.c usb: fix various gadget panics on 10gbps cabling 2021-06-09 10:40:08 +02:00
configfs.c usb: gadget: configfs: Fix KASAN use-after-free 2021-03-17 21:29:46 +01:00
configfs.h
epautoconf.c
functions.c
Kconfig usb: gadget: select CONFIG_CRC32 2021-01-04 16:54:29 +01:00
Makefile
u_f.c
u_f.h USB: gadget: u_f: Unbreak offset calculation in VLAs 2020-08-27 09:25:06 +02:00
u_os_desc.h
usbstring.c usb: gadget: fix langid kernel-doc warning in usbstring.c 2020-07-09 10:13:07 +03:00