Skip to main content

Browse the archive

swh:1:snp:49cd9498d6cccc5e78252c27dcb645bcf7bf0c91
Revision 5d9b70f7d52eb14bb37861c663bae44de9521c35 authored by Mathias Nyman on 08 December 2017, 16:10:05 UTC, committed by Greg Kroah-Hartman on 08 December 2017, 17:26:34 UTC 
xhci: Don't add a virt_dev to the devs array before it's fully allocated
 
Avoid null pointer dereference if some function is walking through the
devs array accessing members of a new virt_dev that is mid allocation.

Add the virt_dev to xhci->devs[i] _after_ the virt_device and all its
members are properly allocated.

issue found by KASAN: null-ptr-deref in xhci_find_slot_id_by_port

"Quick analysis suggests that xhci_alloc_virt_device() is not mutex
protected. If so, there is a time frame where xhci->devs[slot_id] is set
but not fully initialized. Specifically, xhci->devs[i]->udev can be NULL."

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent be6123d
History
Tip revision: 644e9524388a5dbc6d4f58c492ee9ef7bd4ddf4d authored by Linus Torvalds on 26 November 2022, 02:02:49 UTC
Merge tag 'for-v6.1-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
Tip revision: 644e952
File Mode Size
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig -rw-r--r-- 59 bytes
.get_maintainer.ignore -rw-r--r-- 31 bytes
.gitattributes -rw-r--r-- 30 bytes
.gitignore -rw-r--r-- 1.4 KB
.mailmap -rw-r--r-- 8.8 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 96.2 KB
Kbuild -rw-r--r-- 2.2 KB
Kconfig -rw-r--r-- 287 bytes
MAINTAINERS -rw-r--r-- 426.0 KB
Makefile -rw-r--r-- 58.3 KB
README -rw-r--r-- 722 bytes

README

back to top