Re: [patch -target tree] usb: gadget: f_tcm: use after free

From: Nicholas A. Bellinger
Date: Sat Mar 05 2016 - 02:27:08 EST

Next message: Nicholas A. Bellinger: "Re: [patch] sbp-target: checking for NULL instead of IS_ERR"
Previous message: Nicholas A. Bellinger: "Re: [patch] tcm_loop: use after free on error"
In reply to: Felipe Balbi: "Re: [patch -target tree] usb: gadget: f_tcm: use after free"
Next in thread: Nicholas A. Bellinger: "Re: [patch -target tree] usb: gadget: f_tcm: use after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Felipe + usb-gadget folks,

On Wed, 2016-03-02 at 13:55 +0200, Felipe Balbi wrote:
> Dan Carpenter <dan.carpenter@xxxxxxxxxx> writes:
> > We need to move the kfree() down a line so we don't dereference a freed
> > variable.
> >
> > Fixes: 1b418a8fcbc0 ('target: Convert demo-mode only drivers to target_alloc_session')
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> It's okay to take this via target:
>
> Signed-off-by: Felipe Balbi <balbi@xxxxxxxxxx>
>

Note this specific patch is only a mechanical change, and we still need
reviews for the more interesting conversions:

usb-gadget/tcm: Conversion to percpu_ida tag pre-allocation
http://www.spinics.net/lists/target-devel/msg11777.html

usb-gadget/tcm: Convert to TARGET_SCF_ACK_KREF I/O krefs
http://www.spinics.net/lists/target-devel/msg11782.html

Felipe, Sebastian, & Andrezj, would you be so kind to review and test
usb-gadget using target-pending/for-next code..?

Next message: Nicholas A. Bellinger: "Re: [patch] sbp-target: checking for NULL instead of IS_ERR"
Previous message: Nicholas A. Bellinger: "Re: [patch] tcm_loop: use after free on error"
In reply to: Felipe Balbi: "Re: [patch -target tree] usb: gadget: f_tcm: use after free"
Next in thread: Nicholas A. Bellinger: "Re: [patch -target tree] usb: gadget: f_tcm: use after free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]