Skip to content
Snippets Groups Projects
Select Git revision
  • de3cf786e39f55e3e508622e35ea69d7fff45b39
  • master default protected
  • android-msm-bullhead-3.10-nougat_kgdb_less_changes
  • android-msm-bullhead-3.10-nougat_kgdb
  • android-msm-bullhead-3.10-nougat_klist
  • android-4.4
  • android-msm-vega-4.4-oreo-daydream
  • android-msm-wahoo-4.4-p-preview-5
  • android-msm-wahoo-4.4-pie
  • android-msm-marlin-3.18-p-preview-5
  • android-msm-marlin-3.18-pie
  • android-msm-wahoo-2018.07-oreo-m2
  • android-msm-wahoo-2018.07-oreo-m4
  • android-msm-wahoo-4.4-p-preview-4
  • android-msm-bullhead-3.10-oreo-m6
  • android-msm-angler-3.10-oreo-m6
  • android-msm-marlin-3.18-p-preview-4
  • android-msm-stargazer-3.18-oreo-wear-dr
  • android-msm-catshark-3.18-oreo-wear-dr
  • android-msm-wahoo-4.4-oreo-m2
  • android-msm-wahoo-4.4-oreo-m4
  • android-daydreamos-8.0.0_r0.5
  • android-8.1.0_r0.92
  • android-8.1.0_r0.91
  • android-daydreamos-8.0.0_r0.4
  • android-p-preview-5_r0.2
  • android-p-preview-5_r0.1
  • android-9.0.0_r0.5
  • android-9.0.0_r0.4
  • android-9.0.0_r0.2
  • android-9.0.0_r0.1
  • android-8.1.0_r0.81
  • android-8.1.0_r0.80
  • android-8.1.0_r0.78
  • android-8.1.0_r0.76
  • android-8.1.0_r0.75
  • android-8.1.0_r0.72
  • android-8.1.0_r0.70
  • android-p-preview-4_r0.2
  • android-p-preview-4_r0.1
  • android-wear-8.0.0_r0.30
41 results

base

  • Clone with SSH
  • Clone with HTTPS
  • user avatar
    Benson Leung authored and Piyush Gupta committed
    The put_device(dev) at the bottom of the loop of device_shutdown
    may result in the dev being cleaned up. In device_create_release,
    the dev is kfreed.
    
    However, device_shutdown attempts to use the dev pointer again after
    put_device by referring to dev->parent.
    
    Copy the parent pointer instead to avoid this condition.
    
    This bug was found on Chromium OS's chromeos-3.8, which is based on v3.8.11.
    See bug report : https://code.google.com/p/chromium/issues/detail?id=297842
    
    
    This can easily be reproduced when shutting down with
    hidraw devices that report battery condition.
    Two examples are the HP Bluetooth Mouse X4000b and the Apple Magic Mouse.
    For example, with the magic mouse :
    The dev in question is "hidraw0"
    dev->parent is "magicmouse"
    
    In the course of the shutdown for this device, the input event cleanup calls
    a put on hidraw0, decrementing its reference count.
    When we finally get to put_device(dev) in device_shutdown, kobject_cleanup
    is called and device_create_release does kfree(dev).
    dev->parent is no longer valid, and we may crash in
    put_device(dev->parent).
    
    This change should be applied on any kernel with this change :
    d1c6c030
    
    Change-Id: Ib8c7dbce155558aa1087349130d5d1b58c15540f
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarBenson Leung <bleung@chromium.org>
    Reviewed-by: default avatarMing Lei <ming.lei@canonical.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Git-commit: f123db8e
    Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
    
    
    Signed-off-by: default avatarOsvaldo Banuelos <osvaldob@codeaurora.org>
    (cherry picked from commit 29b25ef1)
    de3cf786
    History