e28fd56ad5
In rmmod path, usbip_vudc does platform_device_put() twice once from platform_device_unregister() and then from put_vudc_device(). The second put results in: BUG kmalloc-2048 (Not tainted): Poison overwritten error or BUG: KASAN: use-after-free in kobject_put+0x1e/0x230 if KASAN is enabled. [ 169.042156] calling init+0x0/0x1000 [usbip_vudc] @ 1697 [ 169.042396] ============================================================================= [ 169.043678] probe of usbip-vudc.0 returned 1 after 350 usecs [ 169.044508] BUG kmalloc-2048 (Not tainted): Poison overwritten [ 169.044509] ----------------------------------------------------------------------------- ... [ 169.057849] INFO: Freed in device_release+0x2b/0x80 age=4223 cpu=3 pid=1693 [ 169.057852] kobject_put+0x86/0x1b0 [ 169.057853] 0xffffffffc0c30a96 [ 169.057855] __x64_sys_delete_module+0x157/0x240 Fix it to call platform_device_del() instead and let put_vudc_device() do the platform_device_put(). Reported-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
README | ||
stub_dev.c | ||
stub_main.c | ||
stub_rx.c | ||
stub_tx.c | ||
stub.h | ||
usbip_common.c | ||
usbip_common.h | ||
usbip_event.c | ||
vhci_hcd.c | ||
vhci_rx.c | ||
vhci_sysfs.c | ||
vhci_tx.c | ||
vhci.h | ||
vudc_dev.c | ||
vudc_main.c | ||
vudc_rx.c | ||
vudc_sysfs.c | ||
vudc_transfer.c | ||
vudc_tx.c | ||
vudc.h |
TODO: - more discussion about the protocol - testing - review of the userspace interface - document the protocol Please send patches for this code to Greg Kroah-Hartman <greg@kroah.com>