[v2,0/2] usb: f_fs: safe operation in ffs_epfile_io()

Message ID 1654006119-23869-1-git-send-email-quic_linyyuan@quicinc.com

Message

Linyu Yuan May 31, 2022, 2:08 p.m. UTC
Fix two possible issues in ffs_epfile_io() when operating in blocking mode.

v1: https://lore.kernel.org/linux-usb/1653989775-14267-1-git-send-email-quic_linyyuan@quicinc.com/T/#m1b8ccbae36671f9d3662968567f95ef106b2b3f8
v2: correct interrupted variable according to comment from John Keeping

Linyu Yuan (2):
  usb: gadget: f_fs: change ep->status safe in ffs_epfile_io()
  usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io()

 drivers/usb/gadget/function/f_fs.c | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

Comments

John Keeping May 31, 2022, 6:06 p.m. UTC | #1
On Tue, May 31, 2022 at 10:08:38PM +0800, Linyu Yuan wrote:
> If a task reads/writes data in blocking mode, it will wait for the completion
> in ffs_epfile_io(). If function unbind occurs, ffs_func_unbind() will
> kfree the ffs ep; once the task wakes up, it still dereferences the ffs ep to
> obtain the request status.
> 
> Fix it by moving the request status to io_data which is stack-safe.
> 
> Signed-off-by: Linyu Yuan <quic_linyyuan@quicinc.com>

Reviewed-by: John Keeping <john@metanate.com>
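
The lifetime problem in the commit message quoted above, as an added user-space model in C (not code from the patch or from f_fs.c): the completion result is written to an io_data owned by the waiter's stack, so the woken task never reads the freed endpoint. All `model_*` names and the "error code, else byte count" status convention are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every name below is illustrative, not a kernel definition. */
struct model_req { int status; int actual; void *context; };
struct model_ep { struct model_req *req; };      /* heap object, freed on unbind */
struct model_io_data { int status; int done; };  /* lives on the waiter's stack */

static struct model_ep *model_ep_alloc(void)
{
    struct model_ep *ep = calloc(1, sizeof(*ep));
    if (!ep || !(ep->req = calloc(1, sizeof(*ep->req))))
        abort();
    return ep;
}

/* Completion callback: stores the result in caller-owned io_data, never in ep. */
static void model_complete(struct model_req *req)
{
    struct model_io_data *io = req->context;
    io->status = req->status ? req->status : req->actual; /* assumed convention */
    io->done = 1;
}

/* Unbind: frees the endpoint and its request while the task may still sleep. */
static void model_unbind(struct model_ep **epp)
{
    free((*epp)->req);
    free(*epp);
    *epp = NULL;
}

/* Blocking I/O: submit, then completion and unbind both happen before wake-up. */
static int model_epfile_io(struct model_ep **epp, int req_status, int actual)
{
    struct model_io_data io = { 0, 0 };
    struct model_req *req = (*epp)->req;
    req->context = &io;
    req->status = req_status;   /* the transfer finishes ... */
    req->actual = actual;
    model_complete(req);        /* ... and the callback runs */
    model_unbind(epp);          /* function unbind frees ep and req */
    /* Task wakes here: a status kept in ep would now be a use-after-free read. */
    return io.done ? io.status : -1;
}

int main(void)
{
    struct model_ep *ep = model_ep_alloc();
    printf("status after unbind: %d\n", model_epfile_io(&ep, 0, 512));
    return 0;
}
```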