linux/drivers/usb
Marian-Cristian Rotariu d00889080a usb: dwc3: ep0: fix NULL pointer exception
There is no validation of the index from dwc3_wIndex_to_dep() and we might
be referring to a non-existing ep and trigger a NULL pointer exception. In
certain configurations we might use fewer eps and the index might wrongly
indicate a larger ep index than existing.

By adding this validation from the patch we can actually report a wrong
index back to the caller.

In our use case we are using a composite device on an older kernel, but
upstream might use this fix also. Unfortunately, I cannot describe the
hardware for others to reproduce the issue as it is a proprietary
implementation.

[   82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4
[   82.966891] Mem abort info:
[   82.969663]   ESR = 0x96000006
[   82.972703]   Exception class = DABT (current EL), IL = 32 bits
[   82.978603]   SET = 0, FnV = 0
[   82.981642]   EA = 0, S1PTW = 0
[   82.984765] Data abort info:
[   82.987631]   ISV = 0, ISS = 0x00000006
[   82.991449]   CM = 0, WnR = 0
[   82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc
[   83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000
[   83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[   83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)
[   83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1
[   83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)
[   83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c
[   83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94

...

[   83.141788] Call trace:
[   83.144227]  dwc3_ep0_handle_feature+0x414/0x43c
[   83.148823]  dwc3_ep0_interrupt+0x3b4/0xc94
[   83.181546] ---[ end trace aac6b5267d84c32f ]---

Signed-off-by: Marian-Cristian Rotariu <marian.c.rotariu@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210608162650.58426-1-marian.c.rotariu@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-09 11:03:32 +02:00
..
atm drivers: usb: atm: use pr_err() and pr_warn() instead of raw printk() 2020-12-09 15:22:51 +01:00
c67x00 usb/c67x00: Replace tasklet with work 2021-01-26 18:36:37 +01:00
cdns3 usb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler 2021-05-27 09:36:20 +08:00
chipidea usb: chipidea: udc: assign interrupt number to USB gadget structure 2021-05-17 10:04:05 +08:00
class cdc-wdm: untangle a circular dependency between callback and softint 2021-05-10 14:39:51 +02:00
common usb: common: move function's kerneldoc next to its definition 2021-03-10 09:37:17 +01:00
core USB: usbfs: Don't WARN about excessively large memory allocations 2021-05-21 14:24:46 +02:00
dwc2 usb: dwc2: Remove obsolete MODULE_ constants from platform.c 2021-05-10 14:59:05 +02:00
dwc3 usb: dwc3: ep0: fix NULL pointer exception 2021-06-09 11:03:32 +02:00
early usb: early: ehci-dbgp: convert to readl_poll_timeout_atomic() 2020-09-25 16:29:09 +02:00
gadget usb: gadget: eem: fix wrong eem header operation 2021-06-09 10:57:52 +02:00
host usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoir 2021-06-09 10:36:00 +02:00
image USB: microtek: use set_host_byte() 2020-09-16 12:42:10 +02:00
isp1760 usb: isp1760-hcd: convert to readl_poll_timeout_atomic() 2020-09-25 16:30:05 +02:00
misc USB: trancevibrator: fix control-request direction 2021-05-21 20:10:43 +02:00
mon
mtu3 usb: mtu3: drop CONFIG_OF 2021-03-26 14:47:19 +01:00
musb usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling 2021-06-02 16:58:08 +02:00
phy usb: phy: phy-mxs-usb: Use of_device_get_match_data() 2021-01-18 18:35:46 +01:00
renesas_usbhs usb: renesas_usbhs: fix error return code of usbhsf_pkt_handler() 2021-03-23 12:42:15 +01:00
roles usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() 2021-04-09 16:07:03 +02:00
serial USB: serial: ftdi_sio: add NovaTech OrionMX product ID 2021-06-05 12:26:01 +02:00
storage usb: storage: datafab: remove redundant assignment of variable result 2021-04-22 10:52:10 +02:00
typec usb: typec: intel_pmc_mux: Put ACPI device using acpi_dev_put() 2021-06-09 10:56:14 +02:00
usbip Scheduler updates for this cycle are: 2021-04-28 13:33:57 -07:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver 2020-12-29 12:36:13 +08:00
usb-skeleton.c