Skip to content
Snippets Groups Projects
Commit b2fa897c authored by Lena Salman's avatar Lena Salman Committed by Stuart Scott
Browse files

USB: f_qc_rndis: Prevent use-after-free for _rndis_qc 

Assume that there are two threads, thread1 is setting
value of _rndis_qc variable in rndis_qc_bind_config_vendor
function. Thread2 jumps in and get the value of _rndis_qc
in rndis_qc_open_dev function before it is freed in
rndis_qc_bind_config_vendor function, since rndis_ipa_init
or usb_add_function failed. Use-after-free will happen as
Thread2 is referencing freed objects. To prevent this
spinlock is used where ever it is needed to protect
_rndis_qc variable.

Bug: 35136547
Change-Id: Ib45ae14281821eeaf79419e8d177cb5d51b94df8
parent 83cf9f50
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment