Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

28 participants
6614 discussions

by divedtomson＠gmail.com

1 month, 2 weeks

¿Qué es la cocaína? | Cocaína de calidad

by divedtomson＠gmail.com

1 month, 2 weeks

Pedir cocaína sin receta

by divedtomson＠gmail.com

1 month, 2 weeks

Comprar cocaína sin receta

by divedtomson＠gmail.com

1 month, 2 weeks

Cocaína

by divedtomson＠gmail.com

Para realizar su pedido: CORREO ELECTRÓNICO: adminconsultarr(a)gmail.com https://consultarr.com/ Compre medicamentos de buena calidad sin receta en España: a precio reducido. Medicamentos online sin receta para el TDAH en España, Suecia, Noruega, Dinamarca, Alemania, Finlandia, Países Bajos y Francia. Ofrecemos embalaje discreto y envíos a todas las direcciones con número de seguimiento. Realice su pedido ahora en nuestra web: https://consultarr.com/ Entrega en 24 horas Para realizar su pedido: CORREO ELECTRÓNICO: adminconsultarr(a)gmail.com Realice su pedido ahora en nuestra web: https://consultarr.com/ Aceptamos pedidos pequeños y grandes de al menos 100 comprimidos. Compre ahora Oxynorm Tramadol 200 (Quaalude) 300 mg disponible a precio reducido. Realizamos envíos a España. Para realizar un pedido, contáctenos. Haga su pedido ahora en nuestra página web: https://consultarr.com/ Aceptamos pedidos pequeños y grandes, con un mínimo de 100 unidades. Además de Elvanse 50/70 mg, ahora disponemos de precursores de otros medicamentos como: Xanax 2 mg Dilaudid 8 mg Oxicodona 30 mg Rubifen 20 mg Suboxone en tiras de 8 mg Adderall 30 mg Hidrocodona 10/325 mg Diazepam Valium 10 mg Percocet 30 mg Cocaína Vicodin 5-10 mg Klonopin 2 mg Opana 40 mg Oxynorm 20 mg Oxycontin 40 mg Duromine 40 mg MDMA (Éxtasis) 50 mg Metadona 40 mg Tramadol 200 mg mg Éxtasis (MDMA) Elvanse 50/70 mg Vyvanse Efedrina 30 mg Sobril 25 mg Imovane 7.5 mg Stesolid 10 mg Zolpidem 10 mg Rivotril 2 mg Rohypnol 2 mg Nitrazepam 5 mg Tilidin 100/8 mg Concerta 18–36 mg Morfina 15 mg Dolol 100 mg Mandrax (Quaalude) 300 mg Jarabe de codeína Ritalin 20 mg Ambien 10 mg Arimidex 1 mg Cialis 20 mg Levitra 20 mg Lexotanil Bromazepam 6 mg Voltaren 50 mg Clorodiazepam Nolvadex 20 mg Donormyl 15 mg Nembutal Alprazolam 2 mg Tradolan 50 mg Lortab Watson 7.5 mg Fentanyl Bandage 100 mg Stilnox 10 mg Viagra 100 mg Cocaína Trankimazin 2 mg Metadona 40 mg Subutex 8 mg Lyrica 300 mg Sekonal Soma 350 mg y muchos más Para ordenar: https://consultarr.com/ CORREO ELECTRÓNICO: cadminconsultarr(a)gmail.com Nuestros precios son negociables. Empaquetamos y enviamos discretamente libres de impuestos. Con nosotros, su entrega es segura y 100% garantizada. Puede solicitar cualquier medicamento sin receta. VENTAJAS DE PEDIR MEDICAMENTOS CON NOSOTROS Sin receta ENTREGA DISCRETA MENSAJE DE ENTREGA EN TODO EL PAÍS TRANSFERENCIA - El número de seguimiento garantiza la seguridad de todas las transferencias Entrega segura y garantizada HASTA UN 25% DE DESCUENTO Para ordenar: https://consultarr.com/ CORREO ELECTRÓNICO: cadminconsultarr(a)gmail.com

1 month, 2 weeks

Cómo y cuándo tomar cocaína

by divedtomson＠gmail.com

1 month, 2 weeks

Comprar cocaína | Cocaína de calidad

by divedtomson＠gmail.com

1 month, 2 weeks

Comprar/pedir cocaína con entrega rápida

by divedtomson＠gmail.com

1 month, 2 weeks

Slithering into Fun: Mastering the Classic Snake Game

by serious.halibut.leeg＠hidingmail.com

The Snake Game – simple, addictive, and utterly timeless. It's a game that has graced countless screens, from early mobile phones to web browsers, and continues to be a source of casual entertainment for millions. But behind its deceptively simple premise lies a surprising amount of skill and strategy. Let's dive into how to not just play the Snake Game, but how to experience it. https://snakegame.onl Gameplay: A Simple Dance of Digits and Delight The core concept of the Snake Game is beautifully straightforward. You control a snake, initially a small line segment, navigating within a defined play area. Your goal? To consume food, typically represented by small dots or blocks, without crashing into the walls, your own body, or obstacles if any are present in the version you're playing. Each time your snake eats food, it grows longer, increasing the difficulty as maneuvering space becomes more constrained. The game ends when you collide with yourself or the boundaries of the play area. Sound easy? Try it! The real challenge lies in predicting future movements, planning efficient paths, and adapting to the ever-increasing length of your serpentine friend. Many variations of the Snake Game exist, often with added features like walls within the playing field, power-ups, and different control schemes. Some even offer multiplayer options, allowing you to compete against friends or other players online. Regardless of the specific version, the fundamental mechanics remain the same. Tips and Tricks: Becoming a Snake Charmer While the Snake Game appears luck-based at times, mastering a few key strategies can significantly improve your score and extend your gameplay: Plan Ahead: Don’t just react to the immediate situation. Try to anticipate your snake's movements several steps in advance. Visualize the path you'll need to take to collect the next food pellet without painting yourself into a corner. Utilize Corners: Corners are your best friends. They provide a temporary safe haven where you can change direction and reassess your surroundings. Master the art of hugging the walls and making sharp turns. Create Space: As your snake grows, space becomes a precious commodity. Aim to create loops and empty areas within the playing field to give yourself more room to maneuver. A well-executed loop can buy you valuable time and prevent a fatal crash. Patience is Key: Don’t rush. Sometimes the best strategy is to wait for an opportunity to present itself. Avoid making risky moves that could lead to a premature end. Learn the Algorithm (Sort Of): Some players find it beneficial to develop a mental "algorithm" or pattern for their snake's movements. This could involve consistently circling the outer edges of the play area or employing a specific sequence of turns. Experiment to find what works best for you. Embrace the Simplicity: A Timeless Classic The Snake Game is more than just a game; it's a piece of digital history. Its enduring appeal lies in its simplicity, accessibility, and addictive gameplay. Whether you're a seasoned veteran or a newcomer, there's always something to enjoy about this classic title. So, fire up your device, control your snake, and get ready for a slithering good time. You might be surprised at how engaging this seemingly simple game can be!

1 month, 2 weeks

[PATCH] usb: gadget: f_fs: serialize DMABUF cancel against request completion

by Michael Bommarito

ffs_epfile_dmabuf_io_complete() calls usb_ep_free_request() on the completed request but leaves priv->req, the back-pointer that ffs_dmabuf_transfer() set on submission, pointing at the freed memory. A later FUNCTIONFS_DMABUF_DETACH ioctl or ffs_epfile_release() on the close path still sees priv->req non-NULL under ffs->eps_lock: if (priv->ep && priv->req) usb_ep_dequeue(priv->ep, priv->req); so usb_ep_dequeue() is called on a freed usb_request. On dummy_hcd the dequeue path only walks a live queue and pointer-compares, so the freed pointer reads without faulting and KASAN requires an explicit check at the FunctionFS call site to surface the use-after-free. On SG-capable in-tree UDCs the dequeue path dereferences the supplied request immediately: * chipidea's ep_dequeue() does container_of(req, struct ci_hw_req, req) and reads hwreq->req.status before acquiring its own lock. * cdnsp's cdnsp_gadget_ep_dequeue() reads request->status first. The narrower option of clearing priv->req via cmpxchg() in the completion does not close the race: the completion runs without eps_lock, so a cancel path holding eps_lock can still observe priv->req non-NULL, race a concurrent completion that clears and frees, and pass the freed pointer to usb_ep_dequeue(). A slightly longer fix that moves the free into the cleanup work is needed. Same class of lifetime race as the recent usbip-vudc timer fix [1]. Take eps_lock in the sole place that mutates priv->req from the callback direction by moving usb_ep_free_request() out of the completion into ffs_dmabuf_cleanup(), the existing work handler scheduled by ffs_dmabuf_signal_done() on ffs->io_completion_wq. Clear priv->req there under eps_lock before freeing, and only clear if priv->req still names our request (a subsequent ffs_dmabuf_transfer() on the same attachment may have queued a new one). This keeps the existing dummy_hcd sync-dequeue invariant: the completion callback is still invoked by the UDC without eps_lock held (dummy_hcd drops its own lock before calling the callback), and the callback now takes no f_fs lock at all. Serialization against the cancel path happens in cleanup, which runs from the workqueue with no f_fs lock held on entry. The priv ref count protects the containing ffs_dmabuf_priv: ffs_dmabuf_transfer() takes a ref via ffs_dmabuf_get(), cleanup drops it via ffs_dmabuf_put(), so priv stays live for the cleanup even after the cancel path's list_del + ffs_dmabuf_put. The ffs_dmabuf_transfer() error path no longer frees usb_req inline: fence->req and fence->ep are set before usb_ep_queue(), so ffs_dmabuf_cleanup() (scheduled by the error-path ffs_dmabuf_signal_done()) owns the free regardless of whether the queue succeeded. Reproduced under KASAN on both detach and close paths against dummy_hcd with an observability hook (kasan_check_byte(priv->req) immediately before usb_ep_dequeue) at the two FunctionFS cancel sites to surface the stale-pointer access; the hook is not part of this patch. The KASAN allocator / free stacks in the captured splats identify the same request: alloc in dummy_alloc_request, free in dummy_timer, fault reached from ffs_epfile_release (close) and from the FUNCTIONFS_DMABUF_DETACH ioctl (detach). With the patch applied, both paths are silent under the same hook. The bug is reached from the FunctionFS device node, which in real deployments is owned by the privileged gadget daemon (adbd, UMS, composite gadget services, etc.); it is not reachable from unprivileged userspace or from a USB host on the cable. FunctionFS mounts default to GLOBAL_ROOT_UID, but the filesystem supports uid=, gid=, and fmode= delegation to a non-root gadget daemon, so on real deployments the attacker may be a less-privileged service rather than root. Fixes: 7b07a2a7ca02 ("usb: gadget: functionfs: Add DMABUF import interface") Link: https://lore.kernel.org/all/20260417163552.807548-1-michael.bommarito@gmail… [1] Cc: stable(a)vger.kernel.org Assisted-by: Claude:claude-opus-4-7 Signed-off-by: Michael Bommarito <michael.bommarito(a)gmail.com> --- drivers/usb/gadget/function/f_fs.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 815639506520..75912ce6ab55 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -150,6 +150,8 @@ struct ffs_dma_fence { struct dma_fence base; struct ffs_dmabuf_priv *priv; struct work_struct work; + struct usb_ep *ep; + struct usb_request *req; }; struct ffs_epfile { @@ -1385,6 +1387,21 @@ static void ffs_dmabuf_cleanup(struct work_struct *work) struct ffs_dmabuf_priv *priv = dma_fence->priv; struct dma_buf_attachment *attach = priv->attach; struct dma_fence *fence = &dma_fence->base; + struct usb_request *req = dma_fence->req; + struct usb_ep *ep = dma_fence->ep; + + /* + * eps_lock pairs with the cancel paths so they cannot pass a freed + * req to usb_ep_dequeue(). Only clear if priv->req still names ours; + * a re-queue on the same attachment may have taken that slot. + */ + spin_lock_irq(&priv->ffs->eps_lock); + if (priv->req == req) + priv->req = NULL; + spin_unlock_irq(&priv->ffs->eps_lock); + + if (ep && req) + usb_ep_free_request(ep, req); ffs_dmabuf_put(attach); dma_fence_put(fence); @@ -1414,8 +1431,8 @@ static void ffs_epfile_dmabuf_io_complete(struct usb_ep *ep, struct usb_request *req) { pr_vdebug("FFS: DMABUF transfer complete, status=%d\n", req->status); + /* req is freed by ffs_dmabuf_cleanup() under eps_lock. */ ffs_dmabuf_signal_done(req->context, req->status); - usb_ep_free_request(ep, req); } static const char *ffs_dmabuf_get_driver_name(struct dma_fence *fence) @@ -1699,6 +1716,10 @@ static int ffs_dmabuf_transfer(struct file *file, usb_req->context = fence; usb_req->complete = ffs_epfile_dmabuf_io_complete; + /* ffs_dmabuf_cleanup() frees usb_req via these two fields. */ + fence->req = usb_req; + fence->ep = ep->ep; + cookie = dma_fence_begin_signalling(); ret = usb_ep_queue(ep->ep, usb_req, GFP_ATOMIC); dma_fence_end_signalling(cookie); @@ -1708,7 +1729,6 @@ static int ffs_dmabuf_transfer(struct file *file, } else { pr_warn("FFS: Failed to queue DMABUF: %d\n", ret); ffs_dmabuf_signal_done(fence, ret); - usb_ep_free_request(ep->ep, usb_req); } spin_unlock_irq(&epfile->ffs->eps_lock); -- 2.53.0

1 month, 2 weeks

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig