On Friday, 12.05.2017, at 15:00 +0200, Michael Grzeschik wrote:
> The usbip stack handles the kmalloc and kfree of the transferred buffers. Some
> USB-Stacks add the flag URB_FREE_BUFFER to their urbs, so the usb layer removes
> it in usb_free_urb. This can lead to double free situations as the usbip stack
> already removes its created buffers. To avoid that we remove this flag from the
> usbip transferred urbs.
Hi,
something is fishy here. urb_destroy() frees the buffer and the URB.
If this leads to a double free ever, you are already accessing freed
memory. This patch is a definite NACK. The analysis may be right, but
the fix is wrong.
Regards
Oliver
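
The ownership conflict discussed in this thread, as an added user-space model that is not code from either mail or from the kernel: the `model_*` names, the counting allocator and `buffer_frees()` are hypothetical, and the only behaviour taken from the thread is that the destroy path frees the transfer buffer when `URB_FREE_BUFFER` is set and then frees the URB. It counts how often the buffer is freed for each combination of flag and caller behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#define URB_FREE_BUFFER 0x0100u /* flag bit as used in this model */

struct model_urb { int refs; unsigned transfer_flags; void *transfer_buffer; };
/* Counting allocator: kfree() calls are recorded, memory is not released,
 * so a second free is observable instead of being undefined behaviour. */
static struct slot { void *p; int frees; } slots[4];
static int nslots;
static void *model_kmalloc(size_t n)
{
    slots[nslots] = (struct slot){ calloc(1, n), 0 };
    return slots[nslots++].p;
}

static void model_kfree(void *p)
{
    for (int i = 0; i < nslots; i++)
        slots[i].frees += (slots[i].p == p);
}

/* On the last reference: free the buffer if the flag is set, then the URB. */
static void model_usb_free_urb(struct model_urb *urb)
{
    if (--urb->refs > 0)
        return;
    if (urb->transfer_flags & URB_FREE_BUFFER)
        model_kfree(urb->transfer_buffer);
    model_kfree(urb);
}

/* One URB lifetime; returns how often its transfer buffer was freed. */
int buffer_frees(unsigned flags, int caller_frees_buffer)
{
    while (nslots > 0)
        free(slots[--nslots].p);      /* reset the model between runs */
    struct model_urb *urb = model_kmalloc(sizeof(*urb));
    urb->refs = 1;
    urb->transfer_flags = flags;
    urb->transfer_buffer = model_kmalloc(64);
    if (caller_frees_buffer)          /* a stack that frees its own buffers */
        model_kfree(urb->transfer_buffer);
    model_usb_free_urb(urb);
    return slots[1].frees;            /* slot 0 is the URB, slot 1 the buffer */
}

int main(void)
{
    printf("flag+caller=%d caller=%d flag=%d\n", buffer_frees(URB_FREE_BUFFER, 1),
           buffer_frees(0, 1), buffer_frees(URB_FREE_BUFFER, 0));
    return 0;
}
```

A count of 2 is the double free described in the quoted commit message; a count of 0 (flag clear, caller does not free) is a leak.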