proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-11-29 14:09:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2bc2e05f92
mirror_ubuntu-kernels/drivers/usb/dwc3
History
Mayank Rana 96bd39df29 usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue 
dwc3_ep_dequeue() waits for completion of End Transfer command using
wait_event_lock_irq(), which will release the dwc3->lock while waiting
and reacquire after completion. This allows a potential race condition
with ep_disable() which also removes all requests from started_list
and pending_list.

The check for NULL r->trb should catch this but currently it exits to
the wrong 'out1' label which calls dwc3_gadget_giveback(). Since its
list entry was already removed, if CONFIG_DEBUG_LIST is enabled a
'list_del corruption' bug is thrown since its next/prev pointers are
already LIST_POISON1/2. If r->trb is NULL it should simply exit to
'out0'.

Fixes: cf3113d893 ("usb: dwc3: gadget: properly increment dequeue pointer on ep_dequeue")
Cc: stable@vger.kernel.org # v4.12+
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
Signed-off-by: Jack Pham <jackp@codeaurora.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2018-04-25 14:26:26 +03:00
..
core.c usb: changes for v4.17 merge window 2018-03-23 13:33:09 +01:00
core.h usb: dwc3: Dump LSP and BMU debug info 2018-03-22 10:49:02 +02:00
debug.h usb: dwc3: debug: decode a few more features 2017-12-11 12:36:48 +02:00
debugfs.c usb: dwc3: Dump LSP and BMU debug info 2018-03-22 10:49:02 +02:00
drd.c usb: dwc3: add dual role support using OTG block 2018-03-13 10:47:52 +02:00
dwc3-exynos.c USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00
dwc3-keystone.c USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00
dwc3-of-simple.c usb: dwc3: of-simple: add support for the Amlogic Meson GXL and AXG SoCs 2018-03-13 10:47:50 +02:00
dwc3-omap.c usb: dwc3: omap: don't miss events during suspend/resume 2018-02-12 10:53:18 +02:00
dwc3-pci.c usb: dwc3: pci: Properly cleanup resource 2018-03-22 10:48:18 +02:00
dwc3-st.c USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00
ep0.c usb: dwc3: ep0: remove redundant assignment 2018-03-19 10:52:12 +02:00
gadget.c usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue 2018-04-25 14:26:26 +03:00
gadget.h USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00
host.c USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00
io.h USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00
Kconfig usb: changes for v4.12 2017-04-11 16:47:26 +02:00
Makefile usb: dwc3: Makefile: fix link error on randconfig 2018-03-22 10:45:20 +02:00
trace.c USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00
trace.h usb: dwc3: Make sparse a bit happier 2017-12-11 12:36:49 +02:00
ulpi.c USB: dwc3: Remove redundant license text 2017-11-07 15:45:01 +01:00