Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 2a6da97ff530650d26570a6a1ec0ac1deac927bd
commit2a6da97ff530650d26570a6a1ec0ac1deac927bd[log] [tgz]
authorThomas Pugliese <thomas.pugliese@gmail.com>Tue Mar 04 11:24:55 2014 -0600
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Fri Mar 07 12:39:39 2014 -0800
tree64222edab88045ceda239c12a719fbcafd4889db
parent3c1b2c3ecd3122fe6dded7b012f74021144d95b2 [diff]
usb: wusbcore: fix potential double list_del on urb dequeue

This patch locks rpipe->seg_lock around the entire transfer segment
cleanup loop in wa_urb_dequeue instead of just one case of the switch
statement.  This fixes a race between __wa_xfer_delayed_run and
wa_urb_dequeue where a transfer segment in the WA_SEG_DELAYED state
could be removed from the rpipe seg_list twice leading to memory
corruption.  It also switches the spin_lock call to use the non-irqsave
version since the xfer->lock is already held and irqs already disabled.

Signed-off-by: Thomas Pugliese <thomas.pugliese@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 64222edab88045ceda239c12a719fbcafd4889db
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS