subject:"\[PATCH\] r8a66597\: Fix a possible concurrency use\-after\-free bug in r8a66597_endpoint_disable\(\)"

Re: [PATCH] r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()

2018-12-18 Thread Jia-Ju Bai

On 2018/12/18 19:11, Greg KH wrote: On Tue, Dec 18, 2018 at 06:00:20PM +0800, Jia-Ju Bai wrote: The function r8a66597_endpoint_disable() and r8a66597_urb_enqueue() may be concurrently executed. The two functions both access a possible shared variable "hep->hcpriv". This shared variable is fr

Re: [PATCH] r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()

2018-12-18 Thread Greg KH

On Tue, Dec 18, 2018 at 06:00:20PM +0800, Jia-Ju Bai wrote: > The function r8a66597_endpoint_disable() and r8a66597_urb_enqueue() may > be concurrently executed. > The two functions both access a possible shared variable "hep->hcpriv". > > This shared variable is freed by r8a66597_endpoint_disable

[PATCH] r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()

2018-12-18 Thread Jia-Ju Bai

The function r8a66597_endpoint_disable() and r8a66597_urb_enqueue() may be concurrently executed. The two functions both access a possible shared variable "hep->hcpriv". This shared variable is freed by r8a66597_endpoint_disable() via the call path: r8a66597_endpoint_disable kfree(hep->hcpriv) (