Re: [PATCH 1/1] usb: xhci: fix possible wild pointer

Hi, On 12/02/2016 09:39 PM, Mathias Nyman wrote: > On 02.12.2016 04:29, Lu Baolu wrote: >> handle_cmd_completion() frees a command structure which might >> be still referenced by xhci->current_cmd. This might cause >> problem when xhci->current_cmd is accessed after that. >> >> A real-life case

Re: [PATCH 1/1] usb: xhci: fix possible wild pointer

On 02.12.2016 04:29, Lu Baolu wrote: handle_cmd_completion() frees a command structure which might be still referenced by xhci->current_cmd. This might cause problem when xhci->current_cmd is accessed after that. A real-life case could be like this. The host takes a very long time to respond to

Re: [PATCH 1/1] usb: xhci: fix possible wild pointer

On 2 December 2016 at 12:40, Lu Baolu wrote: > Hi, > > On 12/02/2016 12:18 PM, Baolin Wang wrote: >> On 2 December 2016 at 10:29, Lu Baolu wrote: >>> handle_cmd_completion() frees a command structure which might >>> be still referenced by

Re: [PATCH 1/1] usb: xhci: fix possible wild pointer

Hi, On 12/02/2016 12:18 PM, Baolin Wang wrote: > On 2 December 2016 at 10:29, Lu Baolu wrote: >> handle_cmd_completion() frees a command structure which might >> be still referenced by xhci->current_cmd. This might cause >> problem when xhci->current_cmd is accessed

Re: [PATCH 1/1] usb: xhci: fix possible wild pointer

On 2 December 2016 at 10:29, Lu Baolu wrote: > handle_cmd_completion() frees a command structure which might > be still referenced by xhci->current_cmd. This might cause > problem when xhci->current_cmd is accessed after that. > > A real-life case could be like this. The

[PATCH 1/1] usb: xhci: fix possible wild pointer

handle_cmd_completion() frees a command structure which might be still referenced by xhci->current_cmd. This might cause problem when xhci->current_cmd is accessed after that. A real-life case could be like this. The host takes a very long time to respond to a command, and the command timer is