Re: [PATCH v1] usb: host: Fix possible kernel crash

[Venu Byravarasu]

On Tuesday 10 July 2012 08:39 PM, Alan Stern wrote:
> On Tue, 10 Jul 2012, Venu Byravarasu wrote:
>
> > Thanks Alan for your comments.
> >
> > On Monday 09 July 2012 08:04 PM, Alan Stern wrote:
> > > On Mon, 9 Jul 2012, Venu Byravarasu wrote:
> > >
> > > > In functions itd_complete &  sitd_complete, a pointer
> > > > by name stream may get dereferenced after freeing it, when
> > > > iso_stream_put is called with stream->refcount = 2.
> > > I don't understand the problem.  Did you actually see this happen or is
> > > it only theoretical?
> > Yes it is a theoretical problem, as complained by Coverity.
> > As per the logic you explained above, this change is not needed.
> > However coverity was complaining as below:
> >
> > /kernel/drivers/usb/host/ehci-sched.c 1777 USE_AFTER_FREE Dereferencing
> > freed pointer "stream"
> >
> > Hence to pacify coverity, this change is done.
> > Please let me know if you see any other better way to handle it.
> This seems to be a false positive from Coverity.
>
> In any case, I'm about to submit some patches which get rid of the
> reference counting entirely.  So let's not worry about this.
>
> Alan Stern
Thanks Alan for taking care of it, in your future patch.




--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/