On Fri, Mar 15, 2013 at 12:04:34PM -0700, Greg KH wrote: > On Fri, Mar 15, 2013 at 06:16:07PM +0100, Johan Hovold wrote: > > On Wed, Feb 27, 2013 at 01:52:27PM +0100, Johan Hovold wrote: > > > Make sure to check the serial disconnected flag before accessing port > > > private data after waking up. > > > > > > This fixes a use after free in the ftdi_sio introduced by commit > > > 876ae50d94b ("USB: ftdi_sio: fix race condition in TIOCMIWAIT, and abort > > > of TIOCMIWAIT when the device is removed"). > > > > > > When switching to tty ports, some lifetime assumptions where changed. > > > Specifically, close can now be called before the final tty reference is > > > dropped as part of hangup at device disconnect. Even with the ftdi > > > private-data refcounting this means that the port private data can be > > > freed while a process is sleeping on modem-status changes and thus > > > cannot be relied on to detect disconnects when woken up. > > > > Greg, those changed life-times introduced a second use after free here > > as well: the wait queue itself. This affects all usb-serial drivers with > > private wait queues. > > > > My third series with the TIOCMIWAIT-rework fixes this problem, but > > I'll submit something that can more easily be backported to stable > > first. > > > > Can you hold back this patch and the two follow up series (or if you > > prefer all three of my USB-series) and I'll respin and resubmit them > > shortly? > > Ok, I'm totally confused :) Yeah, sorry about that. :) > Care to resend me what you want to have applied to 3.9-final as one > series, and then, anything you want to have for 3.10, as a separate > series? The second one can be "on top" of the first one, if you need it > to be. Will do. > For now, consider all patches you have sent to me previously, that I > have not applied, as dropped from my todo queues. Great, but only the USB-ones, right? Thanks, Johan -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html