stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Johan Hovold <johan@kernel.org>
Subject: [PATCH 4.9 68/72] USB: serial: garmin_gps: fix I/O after failed probe and remove
Date: Sun, 19 Nov 2017 15:39:12 +0100
Message-ID: <20171119143535.161007531@linuxfoundation.org>
In-Reply-To: <20171119143532.376035495@linuxfoundation.org>

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@kernel.org>

commit 19a565d9af6e0d828bd0d521d3bafd5017f4ce52 upstream.

Make sure to stop any submitted interrupt and bulk-out URBs before
returning after failed probe and when the port is being unbound to avoid
later NULL-pointer dereferences in the completion callbacks.

Also fix up the related and broken I/O cancellation on failed open and
on close. (Note that port->write_urb was never submitted.)

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/serial/garmin_gps.c |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

--- a/drivers/usb/serial/garmin_gps.c
+++ b/drivers/usb/serial/garmin_gps.c
@@ -138,6 +138,7 @@ struct garmin_data {
 	__u8   privpkt[4*6];
 	spinlock_t lock;
 	struct list_head pktlist;
+	struct usb_anchor write_urbs;
 };
 
 
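Review bot: the new write_urbs member in struct garmin_data has no comment, and it sits directly under `spinlock_t lock` without being covered by that lock (a usb_anchor carries its own locking). A one-line comment saying it tracks the bulk-out URBs submitted by garmin_write_bulk() so they can be cancelled on close, failed probe and remove would make the lifetime rule obvious to the next reader.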
@@ -905,7 +906,7 @@ static int garmin_init_session(struct us
 					sizeof(GARMIN_START_SESSION_REQ), 0);
 
 			if (status < 0)
-				break;
+				goto err_kill_urbs;
 		}
 
 		if (status > 0)
@@ -913,6 +914,12 @@ static int garmin_init_session(struct us
 	}
 
 	return status;
+
+err_kill_urbs:
+	usb_kill_anchored_urbs(&garmin_data_p->write_urbs);
+	usb_kill_urb(port->interrupt_in_urb);
+
+	return status;
 }
 
 
@@ -930,7 +937,6 @@ static int garmin_open(struct tty_struct
 	spin_unlock_irqrestore(&garmin_data_p->lock, flags);
 
 	/* shutdown any bulk reads that might be going on */
-	usb_kill_urb(port->write_urb);
 	usb_kill_urb(port->read_urb);
 
 	if (garmin_data_p->state == STATE_RESET)
@@ -953,7 +959,7 @@ static void garmin_close(struct usb_seri
 
 	/* shutdown our urbs */
 	usb_kill_urb(port->read_urb);
-	usb_kill_urb(port->write_urb);
+	usb_kill_anchored_urbs(&garmin_data_p->write_urbs);
 
 	/* keep reset state so we know that we must start a new session */
 	if (garmin_data_p->state != STATE_RESET)
@@ -1037,12 +1043,14 @@ static int garmin_write_bulk(struct usb_
 	}
 
 	/* send it down the pipe */
+	usb_anchor_urb(urb, &garmin_data_p->write_urbs);
 	status = usb_submit_urb(urb, GFP_ATOMIC);
 	if (status) {
 		dev_err(&port->dev,
 		   "%s - usb_submit_urb(write bulk) failed with status = %d\n",
 				__func__, status);
 		count = status;
+		usb_unanchor_urb(urb);
 		kfree(buffer);
 	}
 
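Review bot: in the failure branch of garmin_write_bulk() the hunk shows usb_unanchor_urb(urb) and kfree(buffer), but nothing in the visible lines releases the URB itself, so please confirm the code after this block drops the submitter's reference on both the success and the failure path. It would also help to note in the "send it down the pipe" comment that usb_anchor_urb() has to come before usb_submit_urb(), since a URB that completes before it is anchored could be missed by a concurrent usb_kill_anchored_urbs().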
@@ -1401,6 +1409,7 @@ static int garmin_port_probe(struct usb_
 	garmin_data_p->state = 0;
 	garmin_data_p->flags = 0;
 	garmin_data_p->count = 0;
+	init_usb_anchor(&garmin_data_p->write_urbs);
 	usb_set_serial_port_data(port, garmin_data_p);
 
 	status = garmin_init_session(port);
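Review bot: the hunk ends at `status = garmin_init_session(port);` in garmin_port_probe(), after usb_set_serial_port_data() has already published garmin_data_p, and the handling of a negative status is not visible here. With this change the session's URBs are stopped on failure, but the probe error path should also be checked for stopping the timer, clearing the port data and freeing garmin_data_p before returning. Separately, init_usb_anchor() must stay ahead of garmin_init_session() because the new err_kill_urbs path uses the anchor; a short comment to that effect would protect the ordering.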
@@ -1413,6 +1422,7 @@ static int garmin_port_remove(struct usb
 {
 	struct garmin_data *garmin_data_p = usb_get_serial_port_data(port);
 
+	usb_kill_anchored_urbs(&garmin_data_p->write_urbs);
 	usb_kill_urb(port->interrupt_in_urb);
 	del_timer_sync(&garmin_data_p->timer);
 	kfree(garmin_data_p);
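Review bot: garmin_port_remove() calls usb_kill_anchored_urbs() and usb_kill_urb() before del_timer_sync(), so if the timer callback can reach garmin_write_bulk(), a URB anchored in that window would still be in flight when kfree(garmin_data_p) runs. Either confirm the callback never submits writes, or stop the timer first and kill the URBs afterwards so nothing can be queued between the two steps.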
