usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (6a19da11) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux

Commit 6a19da11 authored Dec 15, 2022 by

Udipto Goswami Committed by Greg Kroah-Hartman Jan 17, 2023

usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait

While performing fast composition switch, there is a possibility that the
process of ffs_ep0_write/ffs_ep0_read get into a race condition
due to ep0req being freed up from functionfs_unbind.

Consider the scenario that the ffs_ep0_write calls the ffs_ep0_queue_wait
by taking a lock &ffs->ev.waitq.lock. However, the functionfs_unbind isn't
bounded so it can go ahead and mark the ep0req to NULL, and since there
is no NULL check in ffs_ep0_queue_wait we will end up in use-after-free.

Fix this by making a serialized execution between the two functions using
a mutex_lock(ffs->mutex).

Fixes: ddf8abd2

 ("USB: f_fs: the FunctionFS driver")
Signed-off-by: Udipto Goswami <quic_ugoswami@quicinc.com>
Tested-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Link: https://lore.kernel.org/r/20221215052906.8993-2-quic_ugoswami@quicinc.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent cde37881

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit facf353c
· Feb 07, 2023

mentioned in commit facf353c

mentioned in commit facf353c9e8d7885b686d9a4b173d4e0af6441d2

Toggle commit list
mirror @mirror
mentioned in commit e9036e95
· Feb 07, 2023

mentioned in commit e9036e95

mentioned in commit e9036e951f93fb8d7b5e9d6e2c7f94a4da312ae4

Toggle commit list
mirror @mirror
mentioned in commit a8d40942
· Feb 07, 2023

mentioned in commit a8d40942

mentioned in commit a8d40942df074f4ebcb9bd3413596d92f323b064

Toggle commit list
mirror @mirror
mentioned in commit 921deb9d
· Feb 07, 2023

mentioned in commit 921deb9d

mentioned in commit 921deb9da15851425ccbb6ee409dc2fd8fbdfe6b

Toggle commit list
mirror @mirror
mentioned in commit 9ba1188a
· Feb 10, 2023

mentioned in commit 9ba1188a

mentioned in commit 9ba1188a719a940d8cddee040c1b7580c5973fbe

Toggle commit list
mirror @mirror
mentioned in commit 3b1534f5
· Feb 10, 2023

mentioned in commit 3b1534f5

mentioned in commit 3b1534f5bae79f8549e14d3193793b67745038a8

Toggle commit list
mirror @mirror
mentioned in commit 434a36ed
· Feb 16, 2023

mentioned in commit 434a36ed

mentioned in commit 434a36ed64ac399b567174075b75d59d916dadfc

Toggle commit list
mirror @mirror
mentioned in commit 4023c364
· Feb 23, 2023

mentioned in commit 4023c364

mentioned in commit 4023c364ecf71231730988b6b00bb6c4c2d26174

Toggle commit list
mirror @mirror
mentioned in commit 554177f3
· Feb 23, 2023

mentioned in commit 554177f3

mentioned in commit 554177f3157bb70aab6cbcfdabb4f4ede8bedcbb

Toggle commit list
mirror @mirror
mentioned in commit 3bd7816c
· Jun 10, 2023

mentioned in commit 3bd7816c

mentioned in commit 3bd7816c9aad1281681c34e7cf9ab3cfdddcaeff

Toggle commit list
mirror @mirror
mentioned in commit 9a95fba9
· Jun 10, 2023

mentioned in commit 9a95fba9

mentioned in commit 9a95fba9362a161127673e29243ca5cfea48defe

Toggle commit list
mirror @mirror
mentioned in commit a4f88cb0
· Jun 10, 2023

mentioned in commit a4f88cb0

mentioned in commit a4f88cb043c5964b1ababfdc5397bb9d7b972509

Toggle commit list
mirror @mirror
mentioned in commit 599e1920
· Jun 10, 2023

mentioned in commit 599e1920

mentioned in commit 599e19202be2af0a179c40ae94a94a061fef29e7

Toggle commit list
mirror @mirror
mentioned in commit d5f18388
· Jun 10, 2023

mentioned in commit d5f18388

mentioned in commit d5f1838815290bb170c5d204f4e33dc467c6a133

Toggle commit list
mirror @mirror
mentioned in commit 704842c9
· Jun 10, 2023

mentioned in commit 704842c9

mentioned in commit 704842c97aa35e587a287c22c57582a330dd0f57

Toggle commit list
mirror @mirror
mentioned in commit 7d4d05d3
· Jun 10, 2023

mentioned in commit 7d4d05d3

mentioned in commit 7d4d05d3b15bf005c4e82981e7b0ba0455c5b024

Toggle commit list

Please register or to comment