]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit
projects / mirror_ubuntu-focal-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2578f00) | patch
usb: max-3421: Prevent corruption of freed memory
authorMark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Fri, 25 Jun 2021 03:14:56 +0000 (15:14 +1200)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Mon, 20 Sep 2021 16:49:37 +0000 (18:49 +0200)
commit1bb7b692ce523bd2c5aa6c8ca72f7722320d32b9
tree5436eba7cecef89d48d08dcde2501c163edf07a5tree
parent2578f00ed7315c3aa081fafb918839f46ef084aacommit | diff
usb: max-3421: Prevent corruption of freed memory

BugLink: https://bugs.launchpad.net/bugs/1939899
commit b5fdf5c6e6bee35837e160c00ac89327bdad031b upstream.

The MAX-3421 USB driver remembers the state of the USB toggles for a
device/endpoint. To save SPI writes, this was only done when a new
device/endpoint was being used. Unfortunately, if the old device was
removed, this would cause writes to freed memory.

To fix this, a simpler scheme is used. The toggles are read from
hardware when a URB is completed, and the toggles are always written to
hardware when any URB transaction is started. This will cause a few more
SPI transactions, but no causes kernel panics.

Fixes: 2d53139f3162 ("Add support for using a MAX3421E chip as a host driver.")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Link: https://lore.kernel.org/r/20210625031456.8632-1-mark.tomlinson@alliedtelesis.co.nz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
drivers/usb/host/max3421-hcd.c diff | blob | blame | history
Ubuntu Focal Linux kernel mirror