korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-20 18:54:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
1957de95d4
linux/drivers/usb
History
Guenter Roeck 1957de95d4 usb: typec: tcpm: Add NULL check before dereferencing config 
When instantiating tcpm on an NXP OM 13588 board with NXP PTN5110,
the following crash is seen when writing into the 'preferred_role'
sysfs attribute.

Unable to handle kernel NULL pointer dereference at virtual address 00000028
pgd = f69149ad
[00000028] *pgd=00000000
Internal error: Oops: 5 [#1] THUMB2
Modules linked in: tcpci tcpm
CPU: 0 PID: 1882 Comm: bash Not tainted 5.1.18-sama5-armv7-r2 #4
Hardware name: Atmel SAMA5
PC is at tcpm_try_role+0x3a/0x4c [tcpm]
LR is at tcpm_try_role+0x15/0x4c [tcpm]
pc : [<bf8000e2>]    lr : [<bf8000bd>]    psr: 60030033
sp : dc1a1e88  ip : c03fb47d  fp : 00000000
r10: dc216190  r9 : dc1a1f78  r8 : 00000001
r7 : df4ae044  r6 : dd032e90  r5 : dd1ce340  r4 : df4ae054
r3 : 00000000  r2 : 00000000  r1 : 00000000  r0 : df4ae044
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment none
Control: 50c53c7d  Table: 3efec059  DAC: 00000051
Process bash (pid: 1882, stack limit = 0x6a6d4aa5)
Stack: (0xdc1a1e88 to 0xdc1a2000)
1e80:                   dd05d808 dd1ce340 00000001 00000007 dd1ce340 c03fb4a7
1ea0: 00000007 00000007 dc216180 00000000 00000000 c01e1e03 00000000 00000000
1ec0: c0907008 dee98b40 c01e1d5d c06106c4 00000000 00000000 00000007 c0194e8b
1ee0: 0000000a 00000400 00000000 c01a97db dc22bf00 ffffe000 df4b6a00 df745900
1f00: 00000001 00000001 000000dd c01a9c2f 7aeab3be c0907008 00000000 dc22bf00
1f20: c0907008 00000000 00000000 00000000 00000000 7aeab3be 00000007 dee98b40
1f40: 005dc318 dc1a1f78 00000000 00000000 00000007 c01969f7 0000000a c01a20cb
1f60: dee98b40 c0907008 dee98b40 005dc318 00000000 c0196b9b 00000000 00000000
1f80: dee98b40 7aeab3be 00000074 005dc318 b6f3bdb0 00000004 c0101224 dc1a0000
1fa0: 00000004 c0101001 00000074 005dc318 00000001 005dc318 00000007 00000000
1fc0: 00000074 005dc318 b6f3bdb0 00000004 00000007 00000007 00000000 00000000
1fe0: 00000004 be800880 b6ed35b3 b6e5c746 60030030 00000001 00000000 00000000
[<bf8000e2>] (tcpm_try_role [tcpm]) from [<c03fb4a7>] (preferred_role_store+0x2b/0x5c)
[<c03fb4a7>] (preferred_role_store) from [<c01e1e03>] (kernfs_fop_write+0xa7/0x150)
[<c01e1e03>] (kernfs_fop_write) from [<c0194e8b>] (__vfs_write+0x1f/0x104)
[<c0194e8b>] (__vfs_write) from [<c01969f7>] (vfs_write+0x6b/0x104)
[<c01969f7>] (vfs_write) from [<c0196b9b>] (ksys_write+0x43/0x94)
[<c0196b9b>] (ksys_write) from [<c0101001>] (ret_fast_syscall+0x1/0x62)

Since commit 96232cbc6c ("usb: typec: tcpm: support get typec and pd
config from device properties"), the 'config' pointer in struct tcpc_dev
is optional when registering a Type-C port. Since it is optional, we have
to check if it is NULL before dereferencing it.

Reported-by: Douglas Gilbert <dgilbert@interlog.com>
Cc: Douglas Gilbert <dgilbert@interlog.com>
Fixes: 96232cbc6c ("usb: typec: tcpm: support get typec and pd config from device properties")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Jun Li <jun.li@nxp.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/1563979112-22483-1-git-send-email-linux@roeck-us.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-30 11:04:09 +02:00
..
atm USB: atm: ueagle-atm.c: remove redundant license text 2019-06-03 15:21:57 +02:00
c67x00
chipidea - Add imx7ulp support. 2019-07-05 07:19:28 +02:00
class docs: usb: rename files to .rst and add them to drivers-api 2019-06-20 14:28:36 +02:00
common USB: move usb debugfs directory creation to the usb common core 2019-06-06 08:59:19 +02:00
core usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem() 2019-07-25 10:40:02 +02:00
dwc2 USB: more changes for v5.3 merge window 2019-07-03 13:48:54 +02:00
dwc3 Revert "usb:gadget Separated decoding functions from dwc3 driver." 2019-07-04 13:02:09 +02:00
early drivers: Remove explicit invocations of mmiowb() 2019-04-08 12:01:02 +01:00
gadget Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
host xhci: Fix crash if scatter gather is used with Immediate Data Transfer (IDT). 2019-07-25 11:26:42 +02:00
image scsi: usb: image: microtek: use sg helper to iterate over scatterlist 2019-06-20 15:21:32 -04:00
isp1760 usb: isp1760-hcd: Fix fall-through annotations 2019-05-01 18:13:52 +02:00
misc usb: usb251xb: Reallow swap-dx-lanes to apply to the upstream port 2019-07-25 11:16:19 +02:00
mon docs: usb: rename files to .rst and add them to drivers-api 2019-06-20 14:28:36 +02:00
mtu3 Revert "usb: mtu3: fix up undefined reference to usb_debug_root" 2019-06-10 19:43:57 +02:00
musb usb: musb: dsps: Use dev_get_drvdata() 2019-04-30 17:55:08 +02:00
phy Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
renesas_usbhs USB: more changes for v5.3 merge window 2019-07-03 13:48:54 +02:00
roles device connection: Find connections also by checking the references 2019-06-03 10:55:38 +02:00
serial USB-serial updates for 5.3-rc1 2019-07-03 09:20:31 +02:00
storage usb-storage: Add a limitation for blk_queue_max_hw_sectors() 2019-07-25 10:40:02 +02:00
typec usb: typec: tcpm: Add NULL check before dereferencing config 2019-07-30 11:04:09 +02:00
usbip usbip: Replace unused kvec array with single variable in vhci_send_cmd_unlink() 2019-06-05 11:54:38 +02:00
wusbcore wusb: switch to cbcmac transform 2019-06-18 08:52:34 +02:00
Kconfig dma-mapping updates for Linux 5.3 2019-07-12 15:13:55 -07:00
Makefile Revert "usb:cdns3 Add Cadence USB3 DRD Driver" 2019-07-04 13:01:33 +02:00
usb-skeleton.c usb: usb-skeleton: use irqsave() in USB's complete callback 2018-06-28 19:36:06 +09:00