q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/drivers/net/usb
History
Greg KH 5e2cd0825a hso: fix a use after free condition 
This needs to go to netdev:

From: Octavian Purdila <octavian.purdila@intel.com>

In hso_free_net_device hso_net pointer is freed and then used to
cleanup urb pools. Catched with SLAB_DEBUG during S3 resume:

[   95.824442] Pid: 389, comm: khubd Tainted: G         C  2.6.36greenridge-01400-g423cf13-dirty #154 Type2 - Board Product Name1/OakTrail
[   95.824442] EIP: 0060:[<c1151551>] EFLAGS: 00010202 CPU: 0
[   95.824442] EIP is at kref_put+0x29/0x42
[   95.824442] EAX: 6b6b6b6b EBX: 6b6b6b6b ECX: c2806b40 EDX: 00000037
[   95.824442] ESI: c1258d56 EDI: edd3d128 EBP: ee8cde0c ESP: ee8cde04
[   95.824442]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[   95.824442] Process khubd (pid: 389, ti=ee8cc000 task=ee95ed10 task.ti=ee8cc000)
[   95.824442] Stack:
[   95.824442]  edd07020 00000000 ee8cde14 c1258b77 ee8cde38 ef933a44 ef93572b ef935dec
[   95.824442] <0> 0000099a 6b6b6b6b 00000000 ee2da748 edd3e0c0 ee8cde54 ef933b9f ee3b53f8
[   95.824442] <0> 00000002 ee2da748 ee2da764 ef936658 ee8cde60 ef933d0c ee2da748 ee8cde84
[   95.824442] Call Trace:
[   95.824442]  [<c1258b77>] ? usb_free_urb+0x11/0x13
[   95.824442]  [<ef933a44>] ? hso_free_net_device+0x81/0xd8 [hso]
[   95.824442]  [<ef933b9f>] ? hso_free_interface+0x104/0x111 [hso]
[   95.824442]  [<ef933d0c>] ? hso_disconnect+0xb/0x18 [hso]
[   95.824442]  [<c125b7f1>] ? usb_unbind_interface+0x44/0x14a
[   95.824442]  [<c11e56e8>] ? __device_release_driver+0x6f/0xb1
[   95.824442]  [<c11e57c7>] ? device_release_driver+0x18/0x23
[   95.824442]  [<c11e4e92>] ? bus_remove_device+0x8a/0xa1
[   95.824442]  [<c11e3970>] ? device_del+0x129/0x163
[   95.824442]  [<c11e2dc0>] ? put_device+0xf/0x11
[   95.824442]  [<c11e39bc>] ? device_unregister+0x12/0x15
[   95.824442]  [<c125915f>] ? usb_disable_device+0x90/0xf0
[   95.824442]  [<c125544f>] ? usb_disconnect+0x6d/0xf8
[   95.824442]  [<c1255f91>] ? hub_thread+0x3fc/0xc57
[   95.824442]  [<c1048526>] ? autoremove_wake_function+0x0/0x2f
[   95.824442]  [<c102529d>] ? complete+0x34/0x3e
[   95.824442]  [<c1255b95>] ? hub_thread+0x0/0xc57
[   95.824442]  [<c10481fc>] ? kthread+0x63/0x68
[   95.824442]  [<c1048199>] ? kthread+0x0/0x68
[   95.824442]  [<c1002d76>] ? kernel_thread_helper+0x6/0x10

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2011-07-08 09:07:59 -07:00
..
Kconfig net/usb: Add Samsung Kalmia driver for Samsung GT-B3730 2011-06-16 21:57:49 -04:00
Makefile net/usb: Add Samsung Kalmia driver for Samsung GT-B3730 2011-06-16 21:57:49 -04:00
asix.c ethtool: Call ethtool's get/set_settings callbacks with cleaned data 2011-04-29 14:01:30 -07:00
catc.c drivers/net/usb/catc.c: Fix potential deadlock in catc_ctrl_run() 2011-05-31 15:30:17 -07:00
cdc-phonet.c NET: cdc-phonet, handle empty phonet header 2011-03-14 15:24:18 -07:00
cdc_eem.c Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
cdc_ether.c net/usb: mark LG VL600 LTE modem ethernet interface as WWAN 2011-05-10 15:03:50 -07:00
cdc_ncm.c usbnet/cdc_ncm: add missing .reset_resume hook 2011-06-01 21:10:49 -07:00
cdc_subset.c usbnet: use eth%d name for known ethernet devices 2011-04-01 20:12:02 -07:00
cx82310_eth.c
dm9601.c ethtool: Call ethtool's get/set_settings callbacks with cleaned data 2011-04-29 14:01:30 -07:00
gl620a.c usbnet: use eth%d name for known ethernet devices 2011-04-01 20:12:02 -07:00
hso.c hso: fix a use after free condition 2011-07-08 09:07:59 -07:00
int51x1.c
ipheth.c ipheth: Properly distinguish length and alignment in URBs and skbs 2011-05-08 15:45:13 -07:00
kalmia.c net/usb/kalmia: signedness bug in kalmia_bind() 2011-06-23 03:15:39 -07:00
kaweth.c Fix common misspellings 2011-03-31 11:26:23 -03:00
lg-vl600.c net/usb: Ethernet quirks for the LG-VL600 4G modem 2011-03-30 02:35:08 -07:00
mcs7830.c USB: mcs7830: return negative if auto negotiate fails 2010-12-23 10:21:12 -08:00
net1080.c usbnet: use eth%d name for known ethernet devices 2011-04-01 20:12:02 -07:00
pegasus.c drivers/net/usb: Remove unnecessary casts of netdev_priv 2010-11-17 10:36:52 -08:00
pegasus.h
plusb.c usb: plusb: Add debug to reset function 2011-04-10 18:46:45 -07:00
rndis_host.c rndis_host: Quirky devices are still 'point-to-point' 2011-04-14 23:23:45 -07:00
rtl8150.c ethtool: cosmetic: Use ethtool ethtool_cmd_speed API 2011-04-29 14:03:01 -07:00
sierra_net.c drivers/net: don't use flush_scheduled_work() 2010-12-12 16:45:14 +01:00
smsc75xx.c ethtool: Call ethtool's get/set_settings callbacks with cleaned data 2011-04-29 14:01:30 -07:00
smsc75xx.h
smsc95xx.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
smsc95xx.h
usbnet.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
zaurus.c usbnet: Remove over-broad module alias from zaurus. 2011-06-29 06:09:17 -07:00