linux-stable.git - Linux kernel stable tree

diff options

author	Jerome Brunet <jbrunet@baylibre.com>	2021-08-27 11:29:27 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-08-27 16:07:23 +0200
commit	068fdad20454f815e61e6f6eb9f051a8b3120e88 (patch)
tree	9e07c5e1a09336d63c963575fba7863469635139 /COPYING
parent	75432ba583a8a374b8d1ad2d3ba559a78f7454fc (diff)
download	linux-stable-068fdad20454f815e61e6f6eb9f051a8b3120e88.tar.gz linux-stable-068fdad20454f815e61e6f6eb9f051a8b3120e88.tar.bz2 linux-stable-068fdad20454f815e61e6f6eb9f051a8b3120e88.zip

usb: gadget: u_audio: fix race condition on endpoint stop

If the endpoint completion callback is call right after the ep_enabled flag is cleared and before usb_ep_dequeue() is call, we could do a double free on the request and the associated buffer. Fix this by clearing ep_enabled after all the endpoint requests have been dequeued. Fixes: 7de8681be2cd ("usb: gadget: u_audio: Free requests only after callback") Cc: stable <stable@vger.kernel.org> Reported-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com> Signed-off-by: Jerome Brunet <jbrunet@baylibre.com> Link: https://lore.kernel.org/r/20210827092927.366482-1-jbrunet@baylibre.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'COPYING')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: