android_kernel_google_msm/drivers/usb/gadget
Al Viro 0b4b4c305e gadgetfs: use-after-free in ->aio_read()
commit f01d35a15fa04162a58b95970fc01fa70ec9dacd upstream.

AIO_PREAD requests call ->aio_read() with iovec on caller's stack, so if
we are going to access it asynchronously, we'd better get ourselves
a copy - the one on kernel stack of aio_run_iocb() won't be there
anymore.  function/f_fs.c takes care of doing that, legacy/inode.c
doesn't...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[lizf: Backported to 3.4:
 - adjust context
 - need kfree() after calling get_ready_ep()]
Signed-off-by: Zefan Li <lizefan@huawei.com>
2015-06-19 11:40:22 +08:00
acm_ms.c
amd5536udc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
amd5536udc.h
at91_udc.c usb: gadget: at91-udc: fix irq and iomem resource retrieval 2014-06-07 16:02:01 -07:00
at91_udc.h
atmel_usba_udc.c ARM: device tree work 2012-03-27 16:47:35 -07:00
atmel_usba_udc.h
audio.c usb: gadget: Add Audio Class 2.0 Driver 2012-02-15 10:10:31 +02:00
cdc2.c
ci13xxx_msm.c usb: Convert all users to new usb_phy 2012-02-27 15:41:48 +02:00
ci13xxx_pci.c
ci13xxx_udc.c This merge is rather big. Here's what it contains: 2012-03-01 09:20:28 -08:00
ci13xxx_udc.h usb: otg: Rename otg_transceiver to usb_phy 2012-02-13 13:34:36 +02:00
composite.c usb: gadget: composite: reset delayed_status on reset_config 2013-12-20 07:34:20 -08:00
config.c
dbgp.c
dummy_hcd.c usb: gadget: dummy: fix enumeration with g_multi 2013-01-17 08:51:05 -08:00
epautoconf.c This merge is rather big. Here's what it contains: 2012-03-01 09:20:28 -08:00
ether.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
f_acm.c usb: gadget: add usb3.0 descriptors to serial gadgets 2012-02-09 10:11:36 +02:00
f_ecm.c usb: gadget: network: fix bind() error path 2013-01-11 09:06:53 -08:00
f_eem.c usb: gadget: network: fix bind() error path 2013-01-11 09:06:53 -08:00
f_fs.c usb: gadget: f_fs: fix NULL pointer dereference when there are no strings 2014-07-09 10:51:19 -07:00
f_hid.c
f_loopback.c usb: gadget: zero: fix bug in loopback autoresume handling 2012-01-30 11:10:20 +02:00
f_mass_storage.c usb: gadget: f_mass_storage: add missing memory barrier for thread_wakeup_needed 2013-07-21 18:19:01 -07:00
f_midi.c usb: gadget: midi: free hs descriptors 2013-01-11 09:06:53 -08:00
f_ncm.c usb: gadget: network: fix bind() error path 2013-01-11 09:06:53 -08:00
f_obex.c
f_phonet.c usb: gadget: phonet: free requests in pn_bind()'s error path 2013-01-11 09:06:53 -08:00
f_rndis.c usb: gadget: network: fix bind() error path 2013-01-11 09:06:53 -08:00
f_serial.c usb: gadget: add usb3.0 descriptors to serial gadgets 2012-02-09 10:11:36 +02:00
f_sourcesink.c
f_subset.c usb: gadget: network: fix bind() error path 2013-01-11 09:06:53 -08:00
f_uac1.c usb: gadget: audio: Move string IDs to audio.c 2012-02-15 10:10:25 +02:00
f_uac2.c usb: gadget: Add Audio Class 2.0 Driver 2012-02-15 10:10:31 +02:00
f_uvc.c usb: gadget: uvc: fix error path in uvc_function_bind() 2013-01-11 09:06:53 -08:00
f_uvc.h
file_storage.c USB: gadget: storage gadgets send wrong error code for unknown commands 2012-04-12 16:20:10 +03:00
fsl_mxc_udc.c
fsl_qe_udc.c usb: gadget: Clear usb_endpoint_descriptor inside the struct usb_ep on disable 2012-02-24 12:22:38 +02:00
fsl_qe_udc.h
fsl_udc_core.c usb: gadget: fsl_udc_core: dTD's next dtd pointer need to be updated once written 2012-06-01 15:18:22 +08:00
fsl_usb2_udc.h usb: otg: Rename otg_transceiver to usb_phy 2012-02-13 13:34:36 +02:00
fusb300_udc.c
fusb300_udc.h
g_ffs.c usb: gadget: FunctionFS: make module init & exit __init & __exit 2012-04-10 19:11:47 +03:00
g_zero.h
gadget_chips.h
gmidi.c
goku_udc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
goku_udc.h
hid.c USB: gadget: Make g_hid device class conform to spec. 2012-03-08 13:11:34 -08:00
imx_udc.c
imx_udc.h
inode.c gadgetfs: use-after-free in ->aio_read() 2015-06-19 11:40:22 +08:00
Kconfig ARM: More device tree support updates 2012-03-28 12:34:33 -07:00
langwell_udc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
langwell_udc.h usb: otg: Rename otg_transceiver to usb_phy 2012-02-13 13:34:36 +02:00
m66592-udc.c
m66592-udc.h
Makefile
mass_storage.c usb: gadget: update Michal Nazarewicz's email address 2012-01-24 11:45:11 +02:00
multi.c usb: gadget: update Michal Nazarewicz's email address 2012-01-24 11:45:11 +02:00
mv_udc.h usb: otg: Rename otg_transceiver to usb_phy 2012-02-13 13:34:36 +02:00
mv_udc_core.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ncm.c
ndis.h
net2272.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
net2272.h
net2280.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
net2280.h
nokia.c
omap_udc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
omap_udc.h usb: otg: Rename otg_transceiver to usb_phy 2012-02-13 13:34:36 +02:00
pch_udc.c usb/gadget/pch_udc: Fix compile error 2012-03-06 07:00:14 -08:00
printer.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
pxa25x_udc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
pxa25x_udc.h usb: otg: Rename otg_transceiver to usb_phy 2012-02-13 13:34:36 +02:00
pxa27x_udc.c usb: otg: Convert all users to pass struct usb_otg for OTG functions 2012-02-27 15:41:52 +02:00
pxa27x_udc.h usb: otg: Rename otg_transceiver to usb_phy 2012-02-13 13:34:36 +02:00
r8a66597-udc.c usb: gadget: r8a66597: use generic map/unmap routines 2012-02-28 14:49:08 +02:00
r8a66597-udc.h
rndis.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
rndis.h
s3c-hsotg.c usb: s3c-hsotg: Fix big buffers transfer in DMA mode 2012-04-10 19:11:46 +03:00
s3c-hsudc.c This merge is rather big. Here's what it contains: 2012-03-01 09:20:28 -08:00
s3c2410_udc.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
s3c2410_udc.h
serial.c usb: gadget: add usb3.0 descriptors to serial gadgets 2012-02-09 10:11:36 +02:00
storage_common.c This merge is rather big. Here's what it contains: 2012-03-01 09:20:28 -08:00
u_ether.c usb: gadget: u_ether: fix kworker 100% CPU issue with still used interfaces in eth_stop 2012-08-26 15:00:45 -07:00
u_ether.h
u_phonet.h
u_serial.c TTY: remove unneeded tty->index checks 2012-03-08 11:42:21 -08:00
u_serial.h
u_uac1.c usb: gadget: Rename audio function to uac1 2012-02-15 10:09:48 +02:00
u_uac1.h usb: gadget: Rename audio function to uac1 2012-02-15 10:09:48 +02:00
udc-core.c usb: gadget: udc-core: fix a regression during gadget driver unbinding 2013-04-05 10:04:35 -07:00
usbstring.c
uvc.h usb gadget: uvc: uvc_request_data::length field must be signed 2012-04-24 13:55:37 -07:00
uvc_queue.c usb: gadget: uvc: Remove non-required locking from 'uvc_queue_next_buffer' routine 2012-04-10 19:11:51 +03:00
uvc_queue.h
uvc_v4l2.c usb gadget: uvc: uvc_request_data::length field must be signed 2012-04-24 13:55:37 -07:00
uvc_video.c
webcam.c
zero.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30