Re: [PATCH 1/5] rsi: fix use-after-free on failed probe and unbind

From: Kalle Valo
Date: Wed Dec 18 2019 - 13:58:01 EST

Next message: Kalle Valo: "Re: [PATCH] rt2x00usb: Fix a warning message in 'rt2x00usb_watchdog_tx_dma()'"
Previous message: Kalle Valo: "Re: [PATCH] bcma: remove set but not used variable 'sizel'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Johan Hovold <johan@xxxxxxxxxx> wrote:

> Make sure to stop both URBs before returning after failed probe as well
> as on disconnect to avoid use-after-free in the completion handler.
>
> Reported-by: syzbot+b563b7f8dbe8223a51e8@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: a4302bff28e2 ("rsi: add bluetooth rx endpoint")
> Fixes: dad0d04fa7ba ("rsi: Add RS9113 wireless driver")
> Cc: stable <stable@xxxxxxxxxxxxxxx> # 3.15
> Cc: Siva Rebbagondla <siva.rebbagondla@xxxxxxxxxxxxxxxxxx>
> Cc: Prameela Rani Garnepudi <prameela.j04cs@xxxxxxxxx>
> Cc: Amitkumar Karwar <amit.karwar@xxxxxxxxxxxxxxxxxx>
> Cc: Fariya Fatima <fariyaf@xxxxxxxxx>
> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>

5 patches applied to wireless-drivers-next.git, thanks.

e93cd35101b6 rsi: fix use-after-free on failed probe and unbind
92aafe77123a rsi: fix use-after-free on probe errors
477682974811 rsi: fix memory leak on failed URB submission
b9b9f9fea218 rsi: fix non-atomic allocation in completion handler
960da557f435 rsi: add missing endpoint sanity checks

--
https://patchwork.kernel.org/patch/11266455/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Kalle Valo: "Re: [PATCH] rt2x00usb: Fix a warning message in 'rt2x00usb_watchdog_tx_dma()'"
Previous message: Kalle Valo: "Re: [PATCH] bcma: remove set but not used variable 'sizel'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]