On Friday, 12.05.2017, 15:00 +0200, Michael Grzeschik wrote:
> The usbip stack handles the kmalloc and kfree of the transferred buffers. Some
> USB-Stacks add the flag URB_FREE_BUFFER to their urbs, so the usb layer removes
> it in usb_free_urb. This can lead to double free situations as the usbip stack
> already removes its created buffers. To avoid that we remove this flag from the
> usbip transferred urbs.

Hi,

something is fishy here. urb_destroy() frees the buffer and the URB.
If this leads to a double free ever, you are already accessing freed
memory. This patch is a definite NACK. The analysis may be right, but
the fix is wrong.

	Regards
		Oliver
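
The buffer-ownership conflict discussed in this thread, as an added user-space model (not kernel code, and not from either poster). The names model_urb, model_kfree and buffer_frees are hypothetical; frees are counted rather than performed, so the double-free case is observable without undefined behaviour.

```c
#include <stdio.h>

/* User-space model only: frees are counted, no memory is released. */
#define URB_FREE_BUFFER 0x0100u /* kernel flag name; value fixed for this model */

struct model_buf { int frees; };
struct model_urb {
    int refcount;
    unsigned int transfer_flags;
    struct model_buf *transfer_buffer;
};

static void model_kfree(struct model_buf *b) { if (b) b->frees++; }

/* Last reference dropped: the destructor frees the buffer when the flag is
 * set, then the URB itself (the behaviour the reply attributes to urb_destroy()). */
static void model_urb_put(struct model_urb *u)
{
    if (--u->refcount > 0)
        return;                       /* other holders remain, nothing freed yet */
    if (u->transfer_flags & URB_FREE_BUFFER)
        model_kfree(u->transfer_buffer);
}

/* Returns how often the buffer is freed over one URB lifetime.
 * extra_refs:  additional holders of the URB besides the submitter.
 * stack_frees: the allocating stack also frees the buffer itself. */
int buffer_frees(unsigned int flags, int extra_refs, int stack_frees)
{
    struct model_buf buf = { 0 };
    struct model_urb urb = { 1 + extra_refs, flags, &buf };
    int i;

    for (i = 0; i <= extra_refs; i++)
        model_urb_put(&urb);          /* every holder drops its reference */
    if (stack_frees)
        model_kfree(&buf);            /* allocator releases "its" buffer */
    return buf.frees;
}

int main(void)
{
    /* 0 = leak, 1 = single owner, 2 = double free */
    printf("flag set,   stack frees: %d\n", buffer_frees(URB_FREE_BUFFER, 0, 1));
    printf("flag clear, stack frees: %d\n", buffer_frees(0, 0, 1));
    printf("flag set,   URB owns:    %d\n", buffer_frees(URB_FREE_BUFFER, 2, 0));
    printf("flag clear, nobody:      %d\n", buffer_frees(0, 1, 0));
    return 0;
}
```

A count of 1 means exactly one owner released the buffer; 2 is the double free from the commit message, and 0 is a leak.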