On 09.07.24 21:38, Shuah Khan wrote:
> On 7/9/24 05:38, Oliver Neukum wrote:
>> At a few places the driver carries stale pointers
>> to references that can still be used. Make sure that does not happen.
>> This strictly speaking closes ZDI-CAN-22273, though there may be
>> similar races in the driver.
>>
>> Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
>
> Sorry I need a bit more explanation to follow the change you
> are making. Also how did you find the problem?
Hi,
I looked at the initial report you wrote and it seemed to me that the issue
was that vhci_device_reset() leaves a stale pointer around and vhci_urb_enqueue()
in the special cases drops the old reference before it gets a new reference,
which together causes the race condition you were hitting.
Regards
Oliver
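
The two patterns named in the reply above (a reference dropped before its replacement is taken, and a reset that leaves the pointer behind), as a single-threaded user-space model added here; it is not the vhci_hcd code or the patch. All names are hypothetical, and rebinding a slot to the same object whose only reference it holds is an assumption chosen to make the window deterministic.

```c
#include <stdio.h>

/* Constructed user-space model. struct dev, struct slot and every function
 * here are hypothetical names; "freed" stands in for the release callback. */
struct dev  { int refs; int freed; };
struct slot { struct dev *udev; };      /* long-lived holder of one reference */

static struct dev *dev_get(struct dev *d) { if (d) d->refs++; return d; }
static void dev_put(struct dev *d) { if (d && --d->refs == 0) d->freed = 1; }

/* Put-then-get: between the two calls the slot points at an object it holds
 * no reference on. Returns 1 if the slot ends up on a released object. */
static int rebind_put_first(struct slot *s, struct dev *next)
{
    dev_put(s->udev);
    s->udev = dev_get(next);
    return s->udev && s->udev->freed;
}

/* Get-then-put: the new reference is taken before the old one is dropped. */
static int rebind_get_first(struct slot *s, struct dev *next)
{
    struct dev *old = s->udev;
    s->udev = dev_get(next);
    dev_put(old);
    return s->udev && s->udev->freed;
}

/* Reset that drops the reference but keeps the pointer (stale). */
static void reset_stale(struct slot *s) { dev_put(s->udev); }

/* Reset that drops the reference and clears the pointer. */
static void reset_clear(struct slot *s) { dev_put(s->udev); s->udev = NULL; }

int main(void)
{
    struct dev a = {1, 0}, b = {1, 0}, c = {1, 0}, d = {1, 0};
    struct slot sa = {&a}, sb = {&b}, sc = {&c}, sd = {&d};

    printf("put-first, same object: released=%d\n", rebind_put_first(&sa, &a));
    printf("get-first, same object: released=%d\n", rebind_get_first(&sb, &b));
    reset_stale(&sc);
    printf("stale reset: pointer kept=%d released=%d\n", sc.udev != NULL, c.freed);
    reset_clear(&sd);
    printf("clearing reset: pointer kept=%d\n", sd.udev != NULL);
    return 0;
}
```

In a concurrent setting the same window is what a second thread can observe; the model only makes the ordering visible, it does not reproduce the race.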