Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-04 04:06:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
deb2eaa1b2
linux-stable/include
History
Oliver Neukum 72e46f6e69 usbnet: include wait queue head in device structure 
[ Upstream commit 14a0d635d1 ]

This fixes a race which happens by freeing an object on the stack.
Quoting Julius:
> The issue is
> that it calls usbnet_terminate_urbs() before that, which temporarily
> installs a waitqueue in dev->wait in order to be able to wait on the
> tasklet to run and finish up some queues. The waiting itself looks
> okay, but the access to 'dev->wait' is totally unprotected and can
> race arbitrarily. I think in this case usbnet_bh() managed to succeed
> it's dev->wait check just before usbnet_terminate_urbs() sets it back
> to NULL. The latter then finishes and the waitqueue_t structure on its
> stack gets overwritten by other functions halfway through the
> wake_up() call in usbnet_bh().

The fix is to just not allocate the data structure on the stack.
As dev->wait is abused as a flag it also takes a runtime PM change
to fix this bug.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Reported-by: Grant Grundler <grundler@google.com>
Tested-by: Grant Grundler <grundler@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-04-14 06:47:21 -07:00
..
acpi Merge branches 'acpi-pci-pm' and 'acpi-pci-hotplug' 2013-12-31 22:03:37 +01:00
asm-generic powerpc/thp: Fix crash on mremap 2014-02-13 13:55:44 -08:00
clocksource drivers: clocksource: add support for ARM architected timer event stream 2013-09-26 09:48:00 +01:00
crypto crypto: scatterwalk - Use sg_chain_ptr on chain entries 2013-12-09 19:58:52 +08:00
drm drm/radeon: 0x9649 is SUMO2 not SUMO 2013-12-23 10:03:41 -05:00
dt-bindings For the 3.13 merge window we have a couple of new drivers for the AMS 2013-11-15 16:37:40 -08:00
keys KEYS: Separate the kernel signature checking keyring from module signing 2013-09-25 17:17:01 +01:00
kvm
linux usbnet: include wait queue head in device structure 2014-04-14 06:47:21 -07:00
math-emu
media [media] videobuf2: Add support for file access mode flags for DMABUF exporting 2013-12-09 14:50:50 -02:00
memory
misc
net tcp: syncookies: do not use getnstimeofday() 2014-04-14 06:47:20 -07:00
pcmcia
ras
rdma IB/core: const'ify inbuf in struct ib_udata 2013-12-16 10:38:28 -08:00
rxrpc
scsi ore: Fix wrong math in allocation of per device BIO 2014-02-13 13:55:32 -08:00
sound ALSA: memalloc.h - fix wrong truncation of dma_addr_t 2013-12-10 15:30:46 +01:00
target iscsi/iser-target: Fix isert_conn->state hung shutdown issues 2014-03-23 21:44:12 -07:00
trace tracing: Fix array size mismatch in format string 2014-03-31 10:05:14 -07:00
uapi misc: mic: fix possible signed underflow (undefined behavior) in userspace API 2014-02-22 13:34:57 -08:00
video fbdev changes for 3.13 2013-11-14 14:44:20 +09:00
xen xen/pvhvm: If xen_platform_pci=0 is set don't blow up (v4). 2014-02-13 13:55:28 -08:00
Kbuild