linux/drivers
Greg KH 5e2cd0825a hso: fix a use after free condition
This needs to go to netdev:

From: Octavian Purdila <octavian.purdila@intel.com>

In hso_free_net_device hso_net pointer is freed and then used to
cleanup urb pools. Catched with SLAB_DEBUG during S3 resume:

[   95.824442] Pid: 389, comm: khubd Tainted: G         C  2.6.36greenridge-01400-g423cf13-dirty #154 Type2 - Board Product Name1/OakTrail
[   95.824442] EIP: 0060:[<c1151551>] EFLAGS: 00010202 CPU: 0
[   95.824442] EIP is at kref_put+0x29/0x42
[   95.824442] EAX: 6b6b6b6b EBX: 6b6b6b6b ECX: c2806b40 EDX: 00000037
[   95.824442] ESI: c1258d56 EDI: edd3d128 EBP: ee8cde0c ESP: ee8cde04
[   95.824442]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[   95.824442] Process khubd (pid: 389, ti=ee8cc000 task=ee95ed10 task.ti=ee8cc000)
[   95.824442] Stack:
[   95.824442]  edd07020 00000000 ee8cde14 c1258b77 ee8cde38 ef933a44 ef93572b ef935dec
[   95.824442] <0> 0000099a 6b6b6b6b 00000000 ee2da748 edd3e0c0 ee8cde54 ef933b9f ee3b53f8
[   95.824442] <0> 00000002 ee2da748 ee2da764 ef936658 ee8cde60 ef933d0c ee2da748 ee8cde84
[   95.824442] Call Trace:
[   95.824442]  [<c1258b77>] ? usb_free_urb+0x11/0x13
[   95.824442]  [<ef933a44>] ? hso_free_net_device+0x81/0xd8 [hso]
[   95.824442]  [<ef933b9f>] ? hso_free_interface+0x104/0x111 [hso]
[   95.824442]  [<ef933d0c>] ? hso_disconnect+0xb/0x18 [hso]
[   95.824442]  [<c125b7f1>] ? usb_unbind_interface+0x44/0x14a
[   95.824442]  [<c11e56e8>] ? __device_release_driver+0x6f/0xb1
[   95.824442]  [<c11e57c7>] ? device_release_driver+0x18/0x23
[   95.824442]  [<c11e4e92>] ? bus_remove_device+0x8a/0xa1
[   95.824442]  [<c11e3970>] ? device_del+0x129/0x163
[   95.824442]  [<c11e2dc0>] ? put_device+0xf/0x11
[   95.824442]  [<c11e39bc>] ? device_unregister+0x12/0x15
[   95.824442]  [<c125915f>] ? usb_disable_device+0x90/0xf0
[   95.824442]  [<c125544f>] ? usb_disconnect+0x6d/0xf8
[   95.824442]  [<c1255f91>] ? hub_thread+0x3fc/0xc57
[   95.824442]  [<c1048526>] ? autoremove_wake_function+0x0/0x2f
[   95.824442]  [<c102529d>] ? complete+0x34/0x3e
[   95.824442]  [<c1255b95>] ? hub_thread+0x0/0xc57
[   95.824442]  [<c10481fc>] ? kthread+0x63/0x68
[   95.824442]  [<c1048199>] ? kthread+0x0/0x68
[   95.824442]  [<c1002d76>] ? kernel_thread_helper+0x6/0x10

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-07-08 09:07:59 -07:00
..
accessibility
acpi Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2011-05-29 11:19:16 -07:00
amba ARM: 6829/1: amba: make hardcoded periphid override hardware 2011-05-26 10:33:34 +01:00
ata ahci: change 'masking port_map' printk to KERN_WARNING level 2011-06-29 10:10:07 -07:00
atm
auxdisplay
base Merge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-06-28 11:15:36 -07:00
bcma drivers/bcma/host_pci.c needs slab.h 2011-05-26 17:12:32 -07:00
block Merge branch 'for-3.0-important' of git://git.drbd.org/linux-2.6-drbd into for-linus 2011-06-30 10:10:50 +02:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into for-davem 2011-06-17 12:40:36 -04:00
cdrom block: fix mismerge of the DISK_EVENT_MEDIA_CHANGE removal 2011-06-02 05:29:19 +09:00
char drivers/char/hpet.c: fix periodic-emulation for delayed interrupts 2011-06-15 20:04:02 -07:00
clk
clocksource Revert "clocksource: sh_cmt: Runtime PM support" 2011-05-31 15:26:42 +09:00
connector Connector: Correctly set the error code in case of success when dispatching receive callbacks 2011-06-07 12:02:00 -07:00
cpufreq [CPUFREQ] powernow-k8: Don't try to transition if the pstate is incorrect 2011-06-16 16:31:13 -04:00
cpuidle Merge branch 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6 2011-05-29 11:18:09 -07:00
crypto crypto: caam - fix operator precedence in shared descriptor allocation 2011-06-30 07:43:27 +08:00
dca
dio
dma dmaengine: shdma: SH_DMAC_MAX_CHANNELS message fix 2011-06-14 15:03:07 +09:00
edac edac,rcu: use synchronize_rcu() instead of call_rcu()+rcu_barrier() 2011-05-26 17:12:37 -07:00
eisa
firewire
firmware Merge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-06-28 11:15:36 -07:00
gpio gpio: tps65910: add missing breaks in tps65910_gpio_init 2011-07-05 23:17:08 -06:00
gpu Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2011-07-02 09:08:56 -07:00
hid HID: hid-multitouch: add support for a new Lumio dual-touch panel 2011-06-24 13:41:11 +02:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2011-07-03 11:12:06 -07:00
hwspinlock
i2c i2c/pca954x: Initialize the mux to disconnected state 2011-06-29 11:36:11 +02:00
ide ide-cd: signedness warning fix again 2011-06-11 15:06:48 -07:00
idle
ieee802154
infiniband RDMA: Check for NULL mode in .devnode methods 2011-07-04 15:53:28 -07:00
input input: pmic8xxx-pwrkey: Do not use mfd_get_data() 2011-07-05 10:38:43 +02:00
isdn gigaset: call module_put before restart of if_open() 2011-06-17 15:27:32 -04:00
leds drivers/leds/leds-lp5523.c: fix section mismatches 2011-06-27 18:00:13 -07:00
lguest
macintosh
mca
md md: avoid endless recovery loop when waiting for fail device to complete. 2011-06-28 16:59:42 +10:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2011-07-06 12:16:49 -07:00
memstick
message
mfd mfd: Add Makefile and Kconfig Entries for tps65911 comparator 2011-07-05 10:39:38 +02:00
misc Merge branch 'driver-core-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2011-06-28 11:15:36 -07:00
mmc mmc: queue: bring discard_granularity/alignment into line with SCSI 2011-06-25 18:53:05 -04:00
mtd powerpc/85xx: fix NAND_CMD_READID read bytes number 2011-06-22 06:08:48 -05:00
net hso: fix a use after free condition 2011-07-08 09:07:59 -07:00
nfc
nubus
of Merge branch 'devicetree/arm-next' of git://git.secretlab.ca/git/linux-2.6 into devel-stable 2011-05-25 00:08:17 +01:00
oprofile oprofile: Fix locking dependency in sync_start() 2011-05-31 16:33:34 +02:00
parisc
parport Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc 2011-06-27 14:55:43 -07:00
pcmcia gpio: include linux/gpio.h where needed 2011-06-16 08:40:44 -06:00
platform Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mjg59/platform-drivers-x86 2011-05-29 11:44:33 -07:00
pnp
power Merge git://git.infradead.org/battery-2.6 2011-05-27 10:12:35 -07:00
pps
ps3
ptp ptp: Fix some locking bugs in ptp_read() 2011-06-01 19:29:10 -07:00
rapidio
regulator regulator: Fix _regulator_get_voltage if get_voltage callback is NULL 2011-05-27 10:49:30 +01:00
rtc drivers/rtc/rtc-ds1307.c: add support for RTC device pt7c4338 2011-06-27 18:00:12 -07:00
s390 [S390] qdio: Split SBAL entry flags 2011-06-06 14:14:56 +02:00
sbus
scsi [SCSI] isci: fix checkpatch errors 2011-07-03 14:26:24 -05:00
sfi
sh drivers: sh: resume enabled clocks fix 2011-06-14 15:15:25 +09:00
sn
spi spi/bfin_spi: fix handling of default bits per word setting 2011-06-17 08:27:27 -06:00
ssb ssb: fix PCI(e) driver regression causing oops on PCI cards 2011-06-03 14:19:49 -04:00
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2011-07-06 12:16:49 -07:00
target tcm_fc: Fix conversion spec warning 2011-06-24 00:09:16 +00:00
tc
telephony
thermal
tty Merge branch 'at91/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/linux-2.6-arm-soc 2011-07-04 15:54:18 -07:00
uio
usb USB: fix regression occurring during device removal 2011-07-01 14:20:39 -07:00
uwb
vhost vhost: support event index 2011-05-30 11:14:15 +09:30
video vesafb: fix memory leak 2011-07-04 16:02:48 +09:00
virtio virtio: add api for delayed callbacks 2011-05-30 11:14:16 +09:30
vlynq
w1 w1: W1_MASTER_DS1WM should depend on GENERIC_HARDIRQS 2011-06-15 20:04:00 -07:00
watchdog watchdog: update author email for at32ap700x_wdt 2011-06-28 20:01:25 +00:00
xen Merge branch 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2011-06-20 09:01:33 -07:00
zorro
Kconfig
Makefile Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2011-05-28 12:35:15 -07:00