diff options
| author | Linyu Yuan <quic_linyyuan@quicinc.com> | 2022-06-10 20:17:58 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-06-22 14:28:08 +0200 |
| commit | 5eb643c4f3e58649208f45d11faffa744641b029 (patch) | |
| tree | 2bb97eeed26e2a65c47b816de7f564c7c85e08a5 /net/lapb/lapb_in.c | |
| parent | 7b7478d57be0d4043e39d3777ab808dd2a11b07c (diff) | |
usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io()
commit 0698f0209d8032e8869525aeb68f65ee7fde12ad upstream.
In ffs_epfile_io(), when read/write data in blocking mode, it will wait
the completion in interruptible mode, if task receive a signal, it will
terminate the wait, at same time, if function unbind occurs,
ffs_func_unbind() will kfree all eps, ffs_epfile_io() still try to
dequeue request by dereferencing ep which may become invalid.
Fix it by add ep spinlock and will not dereference ep if it is not valid.
Cc: <stable@vger.kernel.org> # 5.15
Reported-by: Michael Wu <michael@allwinnertech.com>
Tested-by: Michael Wu <michael@allwinnertech.com>
Reviewed-by: John Keeping <john@metanate.com>
Signed-off-by: Linyu Yuan <quic_linyyuan@quicinc.com>
Link: https://lore.kernel.org/r/1654863478-26228-3-git-send-email-quic_linyyuan@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/lapb/lapb_in.c')
0 files changed, 0 insertions, 0 deletions