Patch "mwifiex: sdio: fix use after free issue for save_adapter" has been added to the 4.9-stable tree

All of lore.kernel.org
 help / color / mirror / Atom feed

* Patch "mwifiex: sdio: fix use after free issue for save_adapter" has been added to the 4.9-stable tree
@ 2017-11-28  9:50 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2017-11-28  9:50 UTC (permalink / raw)
  To: akarwar, alexander.levin, gregkh, kvalo; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    mwifiex: sdio: fix use after free issue for save_adapter

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mwifiex-sdio-fix-use-after-free-issue-for-save_adapter.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From foo@baz Tue Nov 28 10:49:28 CET 2017
From: Amitkumar Karwar <akarwar@marvell.com>
Date: Thu, 1 Dec 2016 19:23:31 +0530
Subject: mwifiex: sdio: fix use after free issue for save_adapter

From: Amitkumar Karwar <akarwar@marvell.com>


[ Upstream commit 74c8719b8ee0922593a5cbec0bd6127d86d8a2f4 ]

If we have sdio work requests received when sdio card reset is
happening, we may end up accessing older save_adapter pointer
later which is already freed during card reset.
This patch solves the problem by cancelling those pending requests.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/wireless/marvell/mwifiex/sdio.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/net/wireless/marvell/mwifiex/sdio.c
+++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
@@ -2296,6 +2296,12 @@ static void mwifiex_recreate_adapter(str
 	mmc_hw_reset(func->card->host);
 	sdio_release_host(func);
 
+	/* Previous save_adapter won't be valid after this. We will cancel
+	 * pending work requests.
+	 */
+	clear_bit(MWIFIEX_IFACE_WORK_DEVICE_DUMP, &iface_work_flags);
+	clear_bit(MWIFIEX_IFACE_WORK_CARD_RESET, &iface_work_flags);
+
 	mwifiex_sdio_probe(func, device_id);
 }
 


Patches currently in stable-queue which might be from akarwar@marvell.com are

queue-4.9/mwifiex-sdio-fix-use-after-free-issue-for-save_adapter.patch

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2017-11-28  9:54 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-28  9:50 Patch "mwifiex: sdio: fix use after free issue for save_adapter" has been added to the 4.9-stable tree gregkh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.