Re: [PATCH v4] usb: usbip: set buffer pointers to NULL after free

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/22/2017 05:02 AM, Michael Grzeschik wrote:
> The usbip stack dynamically allocates the transfer_buffer and
> setup_packet of each urb that got generated by the tcp to usb stub code.
> As these pointers are always used only once we will set them to NULL
> after use. This is done likewise to the free_urb code in vudc_dev.c.
> This patch fixes double kfree situations where the usbip remote side
> added the URB_FREE_BUFFER.
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Michael Grzeschik <m.grzeschik@xxxxxxxxxxxxxx>

Sorry for the delay. I was away last couple of weeks.

The change looks good. Thanks for the fix.

Acked-by: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>

thanks,
-- Shuah

> ---
> v1 -> v2: - rephrased patch subject from:
>             "usb: usbip: avoid the usb layer to kfree our allocated buffer"
>           - changed to always let urb_destoy remove the transfer_buffer
> v2 -> v3: - added stable to cc
>           - wrapped long line with over 80 chars
> v3 -> v4: - rephrades patch subject from usb:
>             "usbip: let urb_destroy kfree the transfer_buffer"
>           - setting buffer pointers to NULL
>             instead of omitting flag URB_FREE_BUFFER
> 
>  drivers/usb/usbip/stub_main.c | 4 ++++
>  drivers/usb/usbip/stub_tx.c   | 4 ++++
>  2 files changed, 8 insertions(+)
> 
> diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c
> index 44ab43fc4fcc7..af10f7b131a49 100644
> --- a/drivers/usb/usbip/stub_main.c
> +++ b/drivers/usb/usbip/stub_main.c
> @@ -262,7 +262,11 @@ void stub_device_cleanup_urbs(struct stub_device *sdev)
>  		kmem_cache_free(stub_priv_cache, priv);
>  
>  		kfree(urb->transfer_buffer);
> +		urb->transfer_buffer = NULL;
> +
>  		kfree(urb->setup_packet);
> +		urb->setup_packet = NULL;
> +
>  		usb_free_urb(urb);
>  	}
>  }
> diff --git a/drivers/usb/usbip/stub_tx.c b/drivers/usb/usbip/stub_tx.c
> index 6b1e8c3f0e4b2..be50cef645d8a 100644
> --- a/drivers/usb/usbip/stub_tx.c
> +++ b/drivers/usb/usbip/stub_tx.c
> @@ -28,7 +28,11 @@ static void stub_free_priv_and_urb(struct stub_priv *priv)
>  	struct urb *urb = priv->urb;
>  
>  	kfree(urb->setup_packet);
> +	urb->setup_packet = NULL;
> +
>  	kfree(urb->transfer_buffer);
> +	urb->transfer_buffer = NULL;
> +
>  	list_del(&priv->list);
>  	kmem_cache_free(stub_priv_cache, priv);
>  	usb_free_urb(urb);
> 




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]