Home Home > GIT Browse > openSUSE-15.0
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-07-16 16:23:44 +0200
committerTakashi Iwai <tiwai@suse.de>2019-07-16 16:23:56 +0200
commitf9796f8e4bc3fcfd3c95b6aa341f0a29e0479cba (patch)
tree11e308f8acec614c4761737e4f354f72c86850d4
parente97eb16c0d193055d76308549fc364ed64747bac (diff)
usb: gadget: ether: Fix race between gether_disconnect and
rx_submit (bsc#1051510).
-rw-r--r--patches.drivers/usb-gadget-ether-Fix-race-between-gether_disconnect-.patch54
-rw-r--r--series.conf1
2 files changed, 55 insertions, 0 deletions
diff --git a/patches.drivers/usb-gadget-ether-Fix-race-between-gether_disconnect-.patch b/patches.drivers/usb-gadget-ether-Fix-race-between-gether_disconnect-.patch
new file mode 100644
index 0000000000..f8245d0ee2
--- /dev/null
+++ b/patches.drivers/usb-gadget-ether-Fix-race-between-gether_disconnect-.patch
@@ -0,0 +1,54 @@
+From d29fcf7078bc8be2b6366cbd4418265b53c94fac Mon Sep 17 00:00:00 2001
+From: Kiruthika Varadarajan <Kiruthika.Varadarajan@harman.com>
+Date: Tue, 18 Jun 2019 08:39:06 +0000
+Subject: [PATCH] usb: gadget: ether: Fix race between gether_disconnect and rx_submit
+Git-commit: d29fcf7078bc8be2b6366cbd4418265b53c94fac
+Patch-mainline: v5.3-rc1
+References: bsc#1051510
+
+On spin lock release in rx_submit, gether_disconnect get a chance to
+run, it makes port_usb NULL, rx_submit access NULL port USB, hence null
+pointer crash.
+
+Fixed by releasing the lock in rx_submit after port_usb is used.
+
+Fixes: 2b3d942c4878 ("usb ethernet gadget: split out network core")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Kiruthika Varadarajan <Kiruthika.Varadarajan@harman.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/usb/gadget/function/u_ether.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/usb/gadget/function/u_ether.c b/drivers/usb/gadget/function/u_ether.c
+index 737bd77a575d..2929bb47a618 100644
+--- a/drivers/usb/gadget/function/u_ether.c
++++ b/drivers/usb/gadget/function/u_ether.c
+@@ -186,11 +186,12 @@ rx_submit(struct eth_dev *dev, struct usb_request *req, gfp_t gfp_flags)
+ out = dev->port_usb->out_ep;
+ else
+ out = NULL;
+- spin_unlock_irqrestore(&dev->lock, flags);
+
+ if (!out)
++ {
++ spin_unlock_irqrestore(&dev->lock, flags);
+ return -ENOTCONN;
+-
++ }
+
+ /* Padding up to RX_EXTRA handles minor disagreements with host.
+ * Normally we use the USB "terminate on short read" convention;
+@@ -214,6 +215,7 @@ rx_submit(struct eth_dev *dev, struct usb_request *req, gfp_t gfp_flags)
+
+ if (dev->port_usb->is_fixed)
+ size = max_t(size_t, size, dev->port_usb->fixed_out_len);
++ spin_unlock_irqrestore(&dev->lock, flags);
+
+ skb = __netdev_alloc_skb(dev->net, size + NET_IP_ALIGN, gfp_flags);
+ if (skb == NULL) {
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index 1ea8782fef..cd84bc24d9 100644
--- a/series.conf
+++ b/series.conf
@@ -22920,6 +22920,7 @@
patches.drivers/serial-uartps-Remove-useless-return-from-cdns_uart_p.patch
patches.drivers/tty-serial_core-Set-port-active-bit-in-uart_port_act.patch
patches.drivers/Revert-serial-8250-Don-t-service-RX-FIFO-if-interrup.patch
+ patches.drivers/usb-gadget-ether-Fix-race-between-gether_disconnect-.patch
patches.drivers/memstick-Fix-error-cleanup-path-of-memstick_init.patch
patches.fixes/0001-ocfs2-add-last-unlock-times-in-locking_state.patch
patches.fixes/0002-ocfs2-add-locking-filter-debugfs-file.patch