UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/include/linux/usb
History
Oliver Neukum 14a0d635d1 usbnet: include wait queue head in device structure 
This fixes a race which happens by freeing an object on the stack.
Quoting Julius:
> The issue is
> that it calls usbnet_terminate_urbs() before that, which temporarily
> installs a waitqueue in dev->wait in order to be able to wait on the
> tasklet to run and finish up some queues. The waiting itself looks
> okay, but the access to 'dev->wait' is totally unprotected and can
> race arbitrarily. I think in this case usbnet_bh() managed to succeed
> it's dev->wait check just before usbnet_terminate_urbs() sets it back
> to NULL. The latter then finishes and the waitqueue_t structure on its
> stack gets overwritten by other functions halfway through the
> wake_up() call in usbnet_bh().

The fix is to just not allocate the data structure on the stack.
As dev->wait is abused as a flag it also takes a runtime PM change
to fix this bug.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Reported-by: Grant Grundler <grundler@google.com>
Tested-by: Grant Grundler <grundler@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2014-03-27 14:59:10 -04:00
..
association.h
atmel_usba_udc.h
audio-v2.h
audio.h
c67x00.h
cdc-wdm.h
cdc_ncm.h net: cdc_ncm: fix control message ordering 2014-03-18 15:32:32 -04:00
ch9.h
chipidea.h usb: chipidea: add freescale imx28 special write register method 2014-01-13 15:55:19 -08:00
composite.h usb: gadget: configfs: allow setting function instance's name 2013-12-12 13:43:35 -06:00
ehci_def.h
ehci_pdriver.h
ezusb.h
functionfs.h usb: gadget: FunctionFS: Remove compatibility layer 2013-12-12 13:43:40 -06:00
g_hid.h
gadget.h usb: gadget: add "maxpacket_limit" field to struct usb_ep 2013-12-17 13:17:41 -06:00
gadget_configfs.h
gpio_vbus.h
hcd.h usb: xhci: change enumeration scheme to 'new scheme' by default 2013-12-10 13:54:37 -08:00
input.h
iowarrior.h
irda.h
isp116x.h
isp1301.h
isp1362.h
isp1760.h
m66592.h
msm_hsusb.h usb: phy: msm: Move mach dependent code to platform data 2014-01-09 00:06:48 -08:00
msm_hsusb_hw.h
musb-omap.h
musb-ux500.h
musb.h usb: musb: dsps: add support for suspend and resume 2013-11-26 10:58:16 -06:00
net2280.h
of.h
ohci_pdriver.h
omap_control_usb.h usb: phy: omap: Add omap-control Support for AM437x 2013-12-19 09:27:42 -06:00
omap_usb.h
otg-fsm.h usb: phy: move OTG FSM header 2013-11-26 10:58:18 -06:00
otg.h
phy.h
phy_companion.h
quirks.h
r8a66597.h
renesas_usbhs.h
rndis_host.h
samsung_usb_phy.h
serial.h USB: serial: export usb_serial_generic_write_start 2013-10-11 17:00:26 -07:00
sl811.h
storage.h
tegra_usb_phy.h
tilegx.h
uas.h
ulpi.h
usb_phy_gen_xceiv.h usb: patches for v3.13 2013-10-24 16:18:40 +01:00
usbnet.h usbnet: include wait queue head in device structure 2014-03-27 14:59:10 -04:00
wusb-wa.h usb: wusbcore: preserve endianness of cached descriptors 2013-10-19 05:19:21 -07:00
wusb.h usb: wusbcore: fix deadlock in wusbhc_gtk_rekey 2013-12-02 15:21:04 -08:00