summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJia-Ju Bai <baijiaju1990@gmail.com>2018-09-01 17:23:47 +0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-09-26 08:36:36 +0200
commit734893b83e300968aa9ba4519a2ac64e60f0d3ec (patch)
tree566b03fab49d6e4601e6928984d04868537583cb /security
parentc531c70d9e05166d1f683eefb57918be4cd7e596 (diff)
downloadlinux-stable-734893b83e300968aa9ba4519a2ac64e60f0d3ec.tar.gz
linux-stable-734893b83e300968aa9ba4519a2ac64e60f0d3ec.tar.bz2
linux-stable-734893b83e300968aa9ba4519a2ac64e60f0d3ec.zip
usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
commit 6d4f268fa132742fe96dad22307c68d237356d88 upstream. i_usX2Y_subs_startup in usbusx2yaudio.c is a completion handler function for the USB driver. So it should not sleep, but it is can sleep according to the function call paths (from bottom to top) in Linux-4.16. [FUNC] msleep drivers/usb/host/u132-hcd.c, 2558: msleep in u132_get_frame drivers/usb/core/hcd.c, 2231: [FUNC_PTR]u132_get_frame in usb_hcd_get_frame_number drivers/usb/core/usb.c, 822: usb_hcd_get_frame_number in usb_get_current_frame_number sound/usb/usx2y/usbusx2yaudio.c, 303: usb_get_current_frame_number in i_usX2Y_urb_complete sound/usb/usx2y/usbusx2yaudio.c, 366: i_usX2Y_urb_complete in i_usX2Y_subs_startup Note that [FUNC_PTR] means a function pointer call is used. To fix this bug, msleep() is replaced with mdelay(). This bug is found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions