Re: [patch -target tree] usb: gadget: f_tcm: use after free

[Nicholas A. Bellinger]

On Wed, 2016-03-09 at 13:38 +0200, Felipe Balbi wrote:
> Hi,
> 
> "Nicholas A. Bellinger" <nab@xxxxxxxxxxxxxxx> writes:
> > [ text/plain ]
> > Hi Felipe + usb-gadget folks,
> >
> > On Wed, 2016-03-02 at 13:55 +0200, Felipe Balbi wrote:
> >> Dan Carpenter <dan.carpenter@xxxxxxxxxx> writes:
> >> > We need to move the kfree() down a line so we don't dereference a freed
> >> > variable.
> >> >
> >> > Fixes: 1b418a8fcbc0 ('target: Convert demo-mode only drivers to target_alloc_session')
> >> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> >> 
> >> It's okay to take this via target:
> >> 
> >> Signed-off-by: Felipe Balbi <balbi@xxxxxxxxxx>
> >> 
> >
> > Note this specific patch is only a mechanical change, and we still need
> > reviews for the more interesting conversions:
> >
> > usb-gadget/tcm: Conversion to percpu_ida tag pre-allocation
> > http://www.spinics.net/lists/target-devel/msg11777.html
> >
> > usb-gadget/tcm: Convert to TARGET_SCF_ACK_KREF I/O krefs
> > http://www.spinics.net/lists/target-devel/msg11782.html
> >
> I don't have either patch in my inbox apparently. Care to resend ?
> 
> sorry
> 

A -v4 is going on this week, and will make sure they hit your inbox.