)]}'
{
  "commit": "b2d102bd0146d9eb1fa630ca0cd19a15ef2f74c8",
  "tree": "b72e8dbe029487643c5150e5360c04ebebeb4446",
  "parents": [
    "40e020c129cfc991e8ab4736d2665351ffd1468d"
  ],
  "author": {
    "name": "Zhizhou Zhang",
    "email": "zhizhouzhang@asrmicro.com",
    "time": "Wed Nov 21 11:01:43 2018 +0800"
  },
  "committer": {
    "name": "Jens Wiklander",
    "email": "jens.wiklander@linaro.org",
    "time": "Tue Dec 11 14:38:21 2018 +0100"
  },
  "message": "tee: optee: avoid possible double list_del()\n\nThis bug occurs when:\n\n- a new request arrives, one thread(let\u0027s call it A) is pending in\n  optee_supp_req() with req-\u003ebusy is initial value false.\n\n- tee-supplicant is killed, then optee_supp_release() is called, this\n  function calls list_del(\u0026req-\u003elink), and set supp-\u003ectx to NULL. And\n  it also wake up process A.\n\n- process A continues, it firstly checks supp-\u003ectx which is NULL,\n  then checks req-\u003ebusy which is false, at last run list_del(\u0026req-\u003elink).\n  This triggers double list_del() and results kernel panic.\n\nFor solve this problem, we rename req-\u003ebusy to req-\u003ein_queue, and\nassociate it with state of whether req is linked to supp-\u003ereqs. So we\ncan just only check req-\u003ein_queue to make decision calling list_del()\nor not.\n\nSigned-off-by: Zhizhou Zhang \u003czhizhouzhang@asrmicro.com\u003e\nSigned-off-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "df35fc01fd3e5eec43088112ac7976f72c69164f",
      "old_mode": 33188,
      "old_path": "drivers/tee/optee/supp.c",
      "new_id": "43626e15703a80ddf48360c0622f37b813b76809",
      "new_mode": 33188,
      "new_path": "drivers/tee/optee/supp.c"
    }
  ]
}