korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-13 22:14:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
dde634057d
linux/drivers/usb/host
History
Alexander Kappner dde634057d xhci: Fix use-after-free in xhci debugfs 
Trying to read from debugfs after the system has resumed from
hibernate causes a use-after-free and thus a protection fault.

Steps to reproduce:
Hibernate system, resume from hibernate, then run
$ cat /sys/kernel/debug/usb/xhci/*/command-ring/enqueue

[ 3902.765086] general protection fault: 0000 [#1] PREEMPT SMP
...
[ 3902.765136] RIP: 0010:xhci_trb_virt_to_dma.part.50+0x5/0x30
...
[ 3902.765178] Call Trace:
[ 3902.765188]  xhci_ring_enqueue_show+0x1e/0x40
[ 3902.765197]  seq_read+0xdb/0x3a0
[ 3902.765204]  ? __handle_mm_fault+0x5fb/0x1210
[ 3902.765211]  full_proxy_read+0x4a/0x70
[ 3902.765219]  __vfs_read+0x23/0x120
[ 3902.765228]  vfs_read+0x8e/0x130
[ 3902.765235]  SyS_read+0x42/0x90
[ 3902.765242]  do_syscall_64+0x6b/0x290
[ 3902.765251]  entry_SYSCALL64_slow_path+0x25/0x25

The issue is caused by the xhci ring structures being reallocated
when the system is resumed, but pointers to the old structures
being retained in the debugfs files "private" field:

The proposed patch fixes this issue by storing a pointer to the xhci_ring
field in the xhci device structure in debugfs rather than directly
storing a pointer to the xhci_ring.

Fixes: 02b6fdc2a1 ("usb: xhci: Add debugfs interface for xHCI driver")
Signed-off-by: Alexander Kappner <agk@godking.net>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-27 15:24:27 +01:00
..
whci USB: host: whci: Remove redundant license text 2017-11-07 15:45:02 +01:00
bcma-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-atmel.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-dbg.c usb: host: fix incorrect updating of offset 2017-11-28 15:17:48 +01:00
ehci-exynos.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-fsl.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-fsl.h USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-grlib.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-hcd.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-hub.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-mem.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-mv.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-mxc.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-omap.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-orion.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-pci.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-platform.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-pmcmsp.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ehci-ps3.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-q.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-sched.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-sh.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-spear.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-st.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-sysfs.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-tegra.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-tilegx.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-timer.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-w90x900.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-xilinx-of.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci.h USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-dbg.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-hcd.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-hub.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-mem.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-q.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-sched.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-tds.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci.h USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fotg210-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
fotg210.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fsl-mph-dr-of.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
hwa-hc.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-dbg.c USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-hcd.c USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-hcd.h USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
isp116x-hcd.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
isp116x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
isp1362-hcd.c usb: host: isp1362-hcd: remove a couple of redundant assignments 2017-11-07 15:52:29 +01:00
isp1362.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig usb: host: remove ehci-msm.c 2017-11-01 17:05:51 +01:00
Makefile USB/PHY patches for 4.15-rc1 2017-11-13 21:14:07 -08:00
max3421-hcd.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-at91.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-da8xx.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-dbg.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-exynos.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ohci-hub.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-mem.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-nxp.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-omap.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-pci.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-platform.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-ps3.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-pxa27x.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-q.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-s3c2410.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sa1111.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sm501.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-spear.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-st.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-tilegx.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-tmio.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci.h USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
oxu210hp-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
oxu210hp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci-quirks.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
pci-quirks.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
r8a66597-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
r8a66597.h USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
sl811_cs.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
sl811-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
sl811.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ssb-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
u132-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
uhci-debug.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-grlib.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
uhci-hcd.h Merge branch 'linus' into locking/core, to resolve conflicts 2017-11-07 10:32:44 +01:00
uhci-hub.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-pci.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-platform.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-q.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
xhci-dbg.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-debugfs.c xhci: Fix use-after-free in xhci debugfs 2017-12-27 15:24:27 +01:00
xhci-debugfs.h USB: host: xhci-debugfs: add SPDX lines 2017-11-07 15:53:48 +01:00
xhci-ext-caps.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-hub.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mem.c xhci: Don't add a virt_dev to the devs array before it's fully allocated 2017-12-08 18:26:34 +01:00
xhci-mtk-sch.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mtk.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mtk.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mvebu.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mvebu.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-pci.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-plat.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-plat.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-rcar.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-rcar.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-ring.c usb: xhci: fix TDS for MTK xHCI1.1 2017-12-08 18:26:34 +01:00
xhci-tegra.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-trace.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-trace.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci.c xhci: Fix xhci debugfs NULL pointer dereference in resume from hibernate 2017-12-27 15:24:27 +01:00
xhci.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00