korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-03 00:54:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,226,922 Commits 113 Branches 5,293 Tags 3.6 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
6b99de301d
Go to file
Mathias Nyman 6b99de301d xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration 
commit af8e119f52 upstream.

re-enumerating full-speed devices after a failed address device command
can trigger a NULL pointer dereference.

Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size
value during enumeration. Usb core calls usb_ep0_reinit() in this case,
which ends up calling xhci_configure_endpoint().

On Panther point xHC the xhci_configure_endpoint() function will
additionally check and reserve bandwidth in software. Other hosts do
this in hardware

If xHC address device command fails then a new xhci_virt_device structure
is allocated as part of re-enabling the slot, but the bandwidth table
pointers are not set up properly here.
This triggers the NULL pointer dereference the next time usb_ep0_reinit()
is called and xhci_configure_endpoint() tries to check and reserve
bandwidth

[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd
[46710.713699] usb 3-1: Device not responding to setup address.
[46710.917684] usb 3-1: Device not responding to setup address.
[46711.125536] usb 3-1: device not accepting address 5, error -71
[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008
[46711.125600] #PF: supervisor read access in kernel mode
[46711.125603] #PF: error_code(0x0000) - not-present page
[46711.125606] PGD 0 P4D 0
[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1
[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.
[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]
[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c

Fix this by making sure bandwidth table pointers are set up correctly
after a failed address device command, and additionally by avoiding
checking for bandwidth in cases like this where no actual endpoints are
added or removed, i.e. only context for default control endpoint 0 is
evaluated.

Reported-by: Karel Balej <balejk@matfyz.cz>
Closes: https://lore.kernel.org/linux-usb/D3CKQQAETH47.1MUO22RTCH2O3@matfyz.cz/
Cc: stable@vger.kernel.org
Fixes: 651aaf36a7 ("usb: xhci: Handle USB transaction error on address command")
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20240815141117.2702314-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-29 17:33:12 +02:00
arch KVM: arm64: Don't pass a TLBI level hint when zapping table entries 2024-08-19 06:04:31 +02:00
block block: fix deadlock between sd_remove & sd_release 2024-08-03 08:54:24 +02:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: aead,cipher - zeroize key buffer after use 2024-07-11 12:49:04 +02:00
Documentation mm/page_table_check: support userfault wr-protect entries 2024-08-19 06:04:29 +02:00
drivers xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration 2024-08-29 17:33:12 +02:00
fs fuse: Initialize beyond-EOF page contents before setting uptodate 2024-08-29 17:33:11 +02:00
include Revert "misc: fastrpc: Restrict untrusted app to attach to privileged PD" 2024-08-29 17:33:10 +02:00
init rust: SHADOW_CALL_STACK is incompatible with Rust 2024-08-11 12:47:24 +02:00
io_uring io_uring: fix io_match_task must_hold 2024-08-03 08:54:41 +02:00
ipc sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:47:13 +02:00
kernel bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie. 2024-08-19 06:04:27 +02:00
lib lib/build_OID_registry: don't mention the full path of the script in output 2024-08-03 08:54:32 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm/debug_vm_pgtable: drop RANDOM_ORVALUE trick 2024-08-19 06:04:31 +02:00
net fou: remove warn in gue_gro_receive on unsupported protocol 2024-08-19 06:04:30 +02:00
rust rust: kernel: require Send for Module implementations 2024-05-17 12:01:56 +02:00
samples bpf: Replace bpf_lpm_trie_key 0-length array with flexible array 2024-08-19 06:04:27 +02:00
scripts kbuild: avoid build error when single DTB is turned into composite DTB 2024-08-03 08:54:36 +02:00
security selinux: revert our use of vma_is_initial_heap() 2024-08-29 17:33:11 +02:00
sound ALSA: usb-audio: Support Yamaha P-125 quirk entry 2024-08-29 17:33:11 +02:00
tools bpf: Replace bpf_lpm_trie_key 0-length array with flexible array 2024-08-19 06:04:27 +02:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2024-06-27 13:49:11 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: rename binkernel.spec to kernel.spec 2023-07-25 00:59:33 +09:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS pwm: Rename pwm_apply_state() to pwm_apply_might_sleep() 2024-06-12 11:12:24 +02:00
Makefile Linux 6.6.47 2024-08-19 06:04:32 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.