linux_dsm_epyc7002

mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00

History

Tuomas Tynkkynen b835a71ef6 usbnet: smsc95xx: Fix use-after-free after removal Syzbot reports an use-after-free in workqueue context: BUG: KASAN: use-after-free in mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737 mutex_unlock+0x19/0x40 kernel/locking/mutex.c:737 __smsc95xx_mdio_read drivers/net/usb/smsc95xx.c:217 [inline] smsc95xx_mdio_read+0x583/0x870 drivers/net/usb/smsc95xx.c:278 check_carrier+0xd1/0x2e0 drivers/net/usb/smsc95xx.c:644 process_one_work+0x777/0xf90 kernel/workqueue.c:2274 worker_thread+0xa8f/0x1430 kernel/workqueue.c:2420 kthread+0x2df/0x300 kernel/kthread.c:255 It looks like that smsc95xx_unbind() is freeing the structures that are still in use by the concurrently running workqueue callback. Thus switch to using cancel_delayed_work_sync() to ensure the work callback really is no longer active. Reported-by: syzbot+29dc7d4ae19b703ff947@syzkaller.appspotmail.com Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-06-22 16:34:31 -07:00
..
aqc111.c
aqc111.h	net: usb: aqc111: Use the correct style for SPDX License Identifier	2019-11-27 11:27:01 -08:00
asix_common.c
asix_devices.c
asix.h
ax88172a.c	net: convert suitable drivers to use phy_do_ioctl_running	2020-01-23 10:49:30 +01:00
ax88179_178a.c	net: usb: ax88179_178a: fix packet alignment padding	2020-06-17 14:58:11 -07:00
catc.c	netdev: pass the stuck queue to the timeout handler	2019-12-12 21:38:57 -08:00
cdc_eem.c
cdc_ether.c	r8152: support additional Microsoft Surface Ethernet Adapter variant	2020-05-19 12:45:09 -07:00
cdc_mbim.c
cdc_ncm.c	cdc_ncm: Fix the build warning	2020-03-15 00:41:29 -07:00
cdc_subset.c
cdc-phonet.c	net: usb: cdc-phonet: Replace zero-length array with flexible-array member	2020-02-17 19:05:05 -08:00
ch9200.c	net: ch9200: remove unnecessary return	2020-01-07 13:30:36 -08:00
cx82310_eth.c
dm9601.c
gl620a.c
hso.c	usb: hso: correct debug message	2020-05-07 12:59:33 -07:00
huawei_cdc_ncm.c	net: huawei_cdc_ncm: remove redundant assignment to variable ret	2020-05-10 11:13:07 -07:00
int51x1.c
ipheth.c	netdev: pass the stuck queue to the timeout handler	2019-12-12 21:38:57 -08:00
kalmia.c
kaweth.c	netdev: pass the stuck queue to the timeout handler	2019-12-12 21:38:57 -08:00
Kconfig	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
lan78xx.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-26 10:40:21 +01:00
lan78xx.h
lg-vl600.c
Makefile
mcs7830.c
net1080.c
pegasus.c	pegasus: Remove pegasus' own workqueue	2020-04-02 17:58:25 -07:00
pegasus.h
plusb.c
qmi_wwan.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-05-31 17:48:46 -07:00
r8152.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-05-24 13:47:27 -07:00
rndis_host.c
rtl8150.c	netdev: pass the stuck queue to the timeout handler	2019-12-12 21:38:57 -08:00
sierra_net.c	net: sierra_net: Remove unused inline function	2020-05-05 12:07:43 -07:00
smsc75xx.c
smsc75xx.h
smsc95xx.c	usbnet: smsc95xx: Fix use-after-free after removal	2020-06-22 16:34:31 -07:00
smsc95xx.h
sr9700.c
sr9700.h
sr9800.c
sr9800.h
usbnet.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2019-12-22 15:15:05 -08:00
zaurus.c