Revision 5d9b70f7d52eb14bb37861c663bae44de9521c35 authored by Mathias Nyman on 08 December 2017, 16:10:05 UTC, committed by Greg Kroah-Hartman on 08 December 2017, 17:26:34 UTC
Avoid null pointer dereference if some function is walking through the devs array accessing members of a new virt_dev that is mid allocation. Add the virt_dev to xhci->devs[i] _after_ the virt_device and all its members are properly allocated. issue found by KASAN: null-ptr-deref in xhci_find_slot_id_by_port "Quick analysis suggests that xhci_alloc_virt_device() is not mutex protected. If so, there is a time frame where xhci->devs[slot_id] is set but not fully initialized. Specifically, xhci->devs[i]->udev can be NULL." Cc: stable <stable@vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent be6123d
File | Mode | Size |
---|---|---|
00-INDEX | -rw-r--r-- | 983 bytes |
bfq-iosched.txt | -rw-r--r-- | 24.5 KB |
biodoc.txt | -rw-r--r-- | 52.7 KB |
biovecs.txt | -rw-r--r-- | 5.9 KB |
capability.txt | -rw-r--r-- | 618 bytes |
cfq-iosched.txt | -rw-r--r-- | 12.5 KB |
cmdline-partition.txt | -rw-r--r-- | 1.3 KB |
data-integrity.txt | -rw-r--r-- | 11.9 KB |
deadline-iosched.txt | -rw-r--r-- | 2.8 KB |
ioprio.txt | -rw-r--r-- | 4.6 KB |
kyber-iosched.txt | -rw-r--r-- | 392 bytes |
null_blk.txt | -rw-r--r-- | 2.8 KB |
pr.txt | -rw-r--r-- | 3.6 KB |
queue-sysfs.txt | -rw-r--r-- | 7.4 KB |
request.txt | -rw-r--r-- | 2.0 KB |
stat.txt | -rw-r--r-- | 3.2 KB |
switching-sched.txt | -rw-r--r-- | 1.4 KB |
writeback_cache_control.txt | -rw-r--r-- | 3.9 KB |
Computing file changes ...