Commit 599bfaef authored by Oliver Neukum's avatar Oliver Neukum Committed by Kelsey Skunberg

usblp: poison URBs upon disconnect

BugLink: https://bugs.launchpad.net/bugs/1885932

[ Upstream commit 296a193b ]

syzkaller reported an URB that should have been killed to be active.
We do not understand it, but this should fix the issue if it is real.
Signed-off-by: default avatarOliver Neukum <oneukum@suse.com>
Reported-by: syzbot+be5b5f86a162a6c281e6@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200507085806.5793-1-oneukum@suse.comSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
Signed-off-by: default avatarKelsey Skunberg <kelsey.skunberg@canonical.com>
parent 4236b082
...@@ -481,7 +481,8 @@ static int usblp_release(struct inode *inode, struct file *file) ...@@ -481,7 +481,8 @@ static int usblp_release(struct inode *inode, struct file *file)
usb_autopm_put_interface(usblp->intf); usb_autopm_put_interface(usblp->intf);
if (!usblp->present) /* finish cleanup from disconnect */ if (!usblp->present) /* finish cleanup from disconnect */
usblp_cleanup(usblp); usblp_cleanup(usblp); /* any URBs must be dead */
mutex_unlock(&usblp_mutex); mutex_unlock(&usblp_mutex);
return 0; return 0;
} }
...@@ -1397,9 +1398,11 @@ static void usblp_disconnect(struct usb_interface *intf) ...@@ -1397,9 +1398,11 @@ static void usblp_disconnect(struct usb_interface *intf)
usblp_unlink_urbs(usblp); usblp_unlink_urbs(usblp);
mutex_unlock(&usblp->mut); mutex_unlock(&usblp->mut);
usb_poison_anchored_urbs(&usblp->urbs);
if (!usblp->used) if (!usblp->used)
usblp_cleanup(usblp); usblp_cleanup(usblp);
mutex_unlock(&usblp_mutex); mutex_unlock(&usblp_mutex);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment