kunit /
linux /
2a6da97ff530650d26570a6a1ec0ac1deac927bd usb: wusbcore: fix potential double list_del on urb dequeue
This patch locks rpipe->seg_lock around the entire transfer segment
cleanup loop in wa_urb_dequeue instead of just one case of the switch
statement. This fixes a race between __wa_xfer_delayed_run and
wa_urb_dequeue where a transfer segment in the WA_SEG_DELAYED state
could be removed from the rpipe seg_list twice leading to memory
corruption. It also switches the spin_lock call to use the non-irqsave
version since the xfer->lock is already held and irqs already disabled.
Signed-off-by: Thomas Pugliese <thomas.pugliese@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed