On 4/19/21 6:25 AM, Greg Kroah-Hartman wrote:
On Fri, Apr 16, 2021 at 09:32:35AM -0600, Shuah Khan wrote:
On 4/12/21 12:59 PM, Tom Seewald wrote:
commit 9858af27e69247c5d04c3b093190a93ca365f33d upstream.
Currently udc->ud.tcp_rx is being assigned twice, the second assignment
is incorrect, it should be to udc->ud.tcp_tx instead of rx. Fix this.
Fixes: 46613c9dfa96 ("usbip: fix vudc usbip_sockfd_store races leading to gpf")
Acked-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
Cc: stable <stable@xxxxxxxxxxxxxxx>
Addresses-Coverity: ("Unused value")
Link: https://lore.kernel.org/r/20210311104445.7811-1-colin.king@xxxxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Tom Seewald <tseewald@xxxxxxxxx>
---
drivers/usb/usbip/vudc_sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/usbip/vudc_sysfs.c b/drivers/usb/usbip/vudc_sysfs.c
index f44d98eeb36a..51cc5258b63e 100644
--- a/drivers/usb/usbip/vudc_sysfs.c
+++ b/drivers/usb/usbip/vudc_sysfs.c
@@ -187,7 +187,7 @@ static ssize_t store_sockfd(struct device *dev,
udc->ud.tcp_socket = socket;
udc->ud.tcp_rx = tcp_rx;
- udc->ud.tcp_rx = tcp_tx;
+ udc->ud.tcp_tx = tcp_tx;
udc->ud.status = SDEV_ST_USED;
spin_unlock_irq(&udc->ud.lock);
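Review bot: The commit message describes the replaced line `udc->ud.tcp_rx = tcp_tx;` only as a Coverity "Unused value" finding and does not state the runtime effect. Before this change, ud.tcp_rx ended up holding the tx value and ud.tcp_tx was not assigned anywhere in the lines shown. A sentence spelling that out would help stable reviewers judge the backport. Because the Fixes: tag names the upstream hash 46613c9dfa96, a backport aimed at 4.14.y and 4.9.y could also cite the hash that commit carries in each of those trees, so the dependency can be checked without searching.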
Greg,
Please pick this up for 4.9 and 4.14.
Why? The commit it says it fixes, 46613c9dfa96 ("usbip: fix vudc
usbip_sockfd_store races leading to gpf"), is not in any kernel older
than 4.19.y at the moment.
Tom backported this one a couple of weeks ago to 4.14.y and 4.9.y.
I see this commit in 4.14 (checked on 4.14.231)
e9c1341b4c948c20f030b6b146fa82575e2fc37b
I see this commit in 4.9.267 as well.
fe9e15a30be666ec8071f325a39fe13e2251b51d
This fix can go on top of these commits.
thanks,
-- Shuah