gt; chips.com; gaura...@google.com; albe...@google.com;
> > > w...@rock-chips.com; jwer...@chromium.org;
> > > jeffy.c...@rock-chips.com; Herrero, Gregory; Kaukab, Yousaf;
> > > huang...@rock-chips.com; rockchip-disc...@chromium.org; Greg
> > > Kroah-Hartman
-chips.com;
> jwer...@chromium.org; jeffy.c...@rock-chips.com; Herrero, Gregory;
> huang...@rock-chips.com; rockchip-disc...@chromium.org; Greg Kroah-
> Hartman; linux-usb@vger.kernel.org; linux-ker...@vger.kernel.org
> Subject: RE: [PATCH v1] usb: dwc2: gadget: fix a memory use-after-free bu
gle.com; w...@rock-chips.com;
> jwer...@chromium.org; jeffy.c...@rock-chips.com; Herrero, Gregory;
> Kaukab, Yousaf; huang...@rock-chips.com; rockchip-disc...@chromium.org;
> Greg Kroah-Hartman; linux-usb@vger.kernel.org; linux-ker...@vger.kernel.org
> Subject: Re: [PATCH v1] usb: dwc2:
Am Freitag, 29. Mai 2015, 13:22:26 schrieb Yunzhi Li:
> When s3c_hsotg_handle_unaligned_buf_complete() hs_req->req.buf
> already destroyed, in s3c_hsotg_unmap_dma(), it touches
> hs_req->req.dma again, so s3c_hsotg_unmap_dma() should be called
> before s3c_hsotg_handle_unaligned_buf_complete(). Oth
On 5/28/2015 10:22 PM, Yunzhi Li wrote:
> When s3c_hsotg_handle_unaligned_buf_complete() hs_req->req.buf
> already destroyed, in s3c_hsotg_unmap_dma(), it touches
> hs_req->req.dma again, so s3c_hsotg_unmap_dma() should be called
> before s3c_hsotg_handle_unaligned_buf_complete(). Otherwise, it
> w
-chips.com;
> jwer...@chromium.org; jeffy.c...@rock-chips.com; Herrero, Gregory;
> Kaukab, Yousaf; huang...@rock-chips.com; rockchip-disc...@chromium.org;
> Yunzhi Li; Greg Kroah-Hartman; linux-usb@vger.kernel.org; linux-
> ker...@vger.kernel.org
> Subject: [PATCH v1] usb: dwc2: gadget
When s3c_hsotg_handle_unaligned_buf_complete() hs_req->req.buf
already destroyed, in s3c_hsotg_unmap_dma(), it touches
hs_req->req.dma again, so s3c_hsotg_unmap_dma() should be called
before s3c_hsotg_handle_unaligned_buf_complete(). Otherwise, it
will cause a bad_page BUG, when allocate this memor
