
Question on MLK-9618-2

Question asked by Todd Blanchard on Aug 12, 2019
Latest reply on Aug 16, 2019 by jimmychan

(commit f21e960aba9618c527650cfe3a69cc3ea583ac2a)

 

What is the purpose of the above commit? The details surrounding it are vague, and it is not in mainline. This commit contains a blatant use-after-free:

 

usb_remove_hcd(hcd);
usb_put_hcd(hcd); <-- FREE
if (ci->platdata->reg_vbus && !ci_otg_is_fsm_mode(ci) &&
   (ci->platdata->flags & CI_HDRC_IMX_VBUS_EARLY_ON))
      regulator_disable(ci->platdata->reg_vbus);
+ if (hcd->self.is_b_host)
+ hcd->self.is_b_host = 0; <-- use-after free
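
Review bot: The two added lines at the end of this hunk read and then write hcd->self.is_b_host after usb_put_hcd(hcd) has already dropped the reference, so they touch an object that may have been freed. Move the clear above usb_put_hcd(hcd), and drop the if guard: assigning 0 unconditionally gives the same result with one fewer access to hcd.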

 

Enabling SLUB_DEBUG exposes the use-after-free, and I have confirmed this is causing corruption in other, random 1024 byte slabs.

 

I would just revert the commit, but would like to know the problem it is trying to solve.

 

Thx
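
A userspace model of why free-poisoning of the kind SLUB_DEBUG performs catches the ordering shown in the post, as an added example that is not part of the original post or the kernel source. `model_hcd`, `model_put`, `poison_check` and `run_teardown` are hypothetical stand-ins, and the poison pattern is simplified to a uniform 0x6b fill.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b /* fill byte SLUB poisoning writes over freed objects */

/* Hypothetical stand-in for struct usb_hcd; laid out with no padding bytes. */
struct model_hcd {
    unsigned int refcount;
    unsigned char other[28];
    unsigned int is_b_host;
};
static struct model_hcd slot; /* one-object "slab"; stays addressable after free */

/* Drop a reference; the last put frees the object, which poisons it. */
static void model_put(struct model_hcd *hcd)
{
    if (--hcd->refcount == 0)
        memset(hcd, POISON_FREE, sizeof(*hcd));
}

/* Offset of the first byte modified after free, or -1 if the poison is intact. */
static int poison_check(void)
{
    const unsigned char *p = (const unsigned char *)&slot;
    for (size_t i = 0; i < sizeof(slot); i++)
        if (p[i] != POISON_FREE)
            return (int)i;
    return -1;
}

/* Run the teardown with the flag cleared before or after the final put. */
static int run_teardown(int clear_after_put)
{
    struct model_hcd *hcd = &slot;
    *hcd = (struct model_hcd){ .refcount = 1, .is_b_host = 1 };
    if (!clear_after_put)
        hcd->is_b_host = 0;   /* reference still held: safe */
    model_put(hcd);
    if (clear_after_put)
        hcd->is_b_host = 0;   /* order in the post: write into a freed object */
    return poison_check();
}

int main(void)
{
    printf("before put: %d, after put: %d\n", run_teardown(0), run_teardown(1));
    return 0;
}
```

Clearing the flag before the final put leaves the poison intact; clearing it afterwards leaves a non-poison value at the offset of `is_b_host`, which is the kind of mismatch a poison check reports.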
