Revision 00d6058ac93048b525b86fa48b413dcb87ac2728 authored by Ian Abbott on 26 June 2006, 10:44:22 UTC, committed by Greg Kroah-Hartman on 12 July 2006, 23:03:22 UTC
The anti user-DoS mechanism in the USB serial 'visor' driver can fail in the following way: visor_open: priv->outstanding_urbs = 0 visor_write: ++priv->outstanding_urbs visor_close: visor_open: priv->outstanding_urbs = 0 visor_write_bulk_callback: --priv->outstanding_urbs So priv->outstanding_urbs ends up as (unsigned long)(-1). Not good! I haven't seen this happen with the visor driver as I don't have the hardware, but I have seen it while testing a patch to implement the same functionality in the ftdi_sio driver (patch not yet submitted). The fix is pretty simple: don't reinitialize outstanding_urbs in visor_open. (Again, I haven't tested the fix in visor, but I have tested it in ftdi_sio.) Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
1 parent 5650b4d
| File | Mode | Size |
|---|---|---|
| irq | ||
| power | ||
| time | ||
| .gitignore | -rw-r--r-- | 51 bytes |
| Kconfig.hz | -rw-r--r-- | 1.2 KB |
| Kconfig.preempt | -rw-r--r-- | 2.3 KB |
| Makefile | -rw-r--r-- | 2.7 KB |
| acct.c | -rw-r--r-- | 16.6 KB |
| audit.c | -rw-r--r-- | 32.0 KB |
| audit.h | -rw-r--r-- | 4.6 KB |
| auditfilter.c | -rw-r--r-- | 41.3 KB |
| auditsc.c | -rw-r--r-- | 45.5 KB |
| capability.c | -rw-r--r-- | 6.6 KB |
| compat.c | -rw-r--r-- | 24.3 KB |
| configs.c | -rw-r--r-- | 3.2 KB |
| cpu.c | -rw-r--r-- | 4.9 KB |
| cpuset.c | -rw-r--r-- | 71.6 KB |
| dma.c | -rw-r--r-- | 3.5 KB |
| exec_domain.c | -rw-r--r-- | 4.3 KB |
| exit.c | -rw-r--r-- | 41.5 KB |
| extable.c | -rw-r--r-- | 2.0 KB |
| fork.c | -rw-r--r-- | 40.4 KB |
| futex.c | -rw-r--r-- | 43.5 KB |
| futex_compat.c | -rw-r--r-- | 3.3 KB |
| hrtimer.c | -rw-r--r-- | 19.8 KB |
| itimer.c | -rw-r--r-- | 9.3 KB |
| kallsyms.c | -rw-r--r-- | 10.4 KB |
| kexec.c | -rw-r--r-- | 27.5 KB |
| kfifo.c | -rw-r--r-- | 4.6 KB |
| kmod.c | -rw-r--r-- | 7.5 KB |
| kprobes.c | -rw-r--r-- | 18.3 KB |
| ksysfs.c | -rw-r--r-- | 2.3 KB |
| kthread.c | -rw-r--r-- | 7.2 KB |
| lockdep.c | -rw-r--r-- | 67.6 KB |
| lockdep_internals.h | -rw-r--r-- | 2.4 KB |
| lockdep_proc.c | -rw-r--r-- | 10.0 KB |
| module.c | -rw-r--r-- | 58.7 KB |
| mutex-debug.c | -rw-r--r-- | 3.0 KB |
| mutex-debug.h | -rw-r--r-- | 1.7 KB |
| mutex.c | -rw-r--r-- | 9.2 KB |
| mutex.h | -rw-r--r-- | 1.1 KB |
| panic.c | -rw-r--r-- | 6.3 KB |
| params.c | -rw-r--r-- | 16.7 KB |
| pid.c | -rw-r--r-- | 8.4 KB |
| posix-cpu-timers.c | -rw-r--r-- | 41.1 KB |
| posix-timers.c | -rw-r--r-- | 27.5 KB |
| printk.c | -rw-r--r-- | 27.3 KB |
| profile.c | -rw-r--r-- | 14.5 KB |
| ptrace.c | -rw-r--r-- | 12.1 KB |
| rcupdate.c | -rw-r--r-- | 17.5 KB |
| rcutorture.c | -rw-r--r-- | 19.6 KB |
| relay.c | -rw-r--r-- | 23.9 KB |
| resource.c | -rw-r--r-- | 12.5 KB |
| rtmutex-debug.c | -rw-r--r-- | 5.7 KB |
| rtmutex-debug.h | -rw-r--r-- | 1.4 KB |
| rtmutex-tester.c | -rw-r--r-- | 9.0 KB |
| rtmutex.c | -rw-r--r-- | 25.4 KB |
| rtmutex.h | -rw-r--r-- | 1.1 KB |
| rtmutex_common.h | -rw-r--r-- | 3.2 KB |
| rwsem.c | -rw-r--r-- | 2.4 KB |
| sched.c | -rw-r--r-- | 170.8 KB |
| seccomp.c | -rw-r--r-- | 1.1 KB |
| signal.c | -rw-r--r-- | 65.6 KB |
| softirq.c | -rw-r--r-- | 13.7 KB |
| softlockup.c | -rw-r--r-- | 3.9 KB |
| spinlock.c | -rw-r--r-- | 10.1 KB |
| stacktrace.c | -rw-r--r-- | 462 bytes |
| stop_machine.c | -rw-r--r-- | 4.7 KB |
| sys.c | -rw-r--r-- | 49.0 KB |
| sys_ni.c | -rw-r--r-- | 3.7 KB |
| sysctl.c | -rw-r--r-- | 59.7 KB |
| time.c | -rw-r--r-- | 17.1 KB |
| timer.c | -rw-r--r-- | 49.8 KB |
| uid16.c | -rw-r--r-- | 5.1 KB |
| unwind.c | -rw-r--r-- | 23.7 KB |
| user.c | -rw-r--r-- | 5.1 KB |
| wait.c | -rw-r--r-- | 7.3 KB |
| workqueue.c | -rw-r--r-- | 15.7 KB |
Computing file changes ...
