Date:	Thu, 1 Nov 2012 14:32:15 -0400 (EDT)
From:	Alan Stern <stern@...land.harvard.edu>
To:	Vincent Palatin <vpalatin@...omium.org>
cc:	linux-usb@...r.kernel.org,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	<linux-kernel@...r.kernel.org>,
	Olof Johansson <olofj@...omium.org>,
	Doug Anderson <dianders@...omium.org>,
	"Arjun.K.V" <arjun.kv@...sung.com>,
	Vikas Sajjan <vikas.sajjan@...sung.com>,
	Abhilash Kesavan <a.kesavan@...sung.com>
Subject: Re: [PATCH] USB: ohci-exynos: initialize registers pointer earlier

On Thu, 1 Nov 2012, Vincent Palatin wrote:

> In the former code, we have a race condition between the first interrupt
> and the regs field initialization in the usb_hcd structure.
> If the OHCI irq fires before hcd->regs is set, we are getting a null
> pointer dereference in ohci_irq.
> 
> When calling usb_add_hcd(), it first executes the reset() callback,
> then enables the ohci interrupt, and finally executes the start()
> callback. So moving the ohci_init() call which actually initializes the
> reg field from start() to reset() should remove the race.
> 
> Tested by enabling the external HSIC hub in the bootloader on an exynos5
> machine and booting. With the former code, this triggers an early interrupt
> about 50% of the boots and a subsequent kernel panic in ohci_irq when trying
> to access the registers.
> 
> Cc: Olof Johansson <olofj@...omium.org>
> Cc: Doug Anderson <dianders@...omium.org>
> Cc: Arjun.K.V <arjun.kv@...sung.com>
> Cc: Vikas Sajjan <vikas.sajjan@...sung.com>
> Cc: Abhilash Kesavan <a.kesavan@...sung.com>
> Signed-off-by: Vincent Palatin <vpalatin@...omium.org>
> ---
>  drivers/usb/host/ohci-exynos.c |   10 ++++++----
>  1 files changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/usb/host/ohci-exynos.c b/drivers/usb/host/ohci-exynos.c
> index 20a5008..f04cfde 100644
> --- a/drivers/usb/host/ohci-exynos.c
> +++ b/drivers/usb/host/ohci-exynos.c
> @@ -23,6 +23,11 @@ struct exynos_ohci_hcd {
>  	struct clk *clk;
>  };
>  
> +static int ohci_exynos_reset(struct usb_hcd *hcd)
> +{
> +	return ohci_init(hcd_to_ohci(hcd));
> +}
> +
>  static int ohci_exynos_start(struct usb_hcd *hcd)
>  {
>  	struct ohci_hcd *ohci = hcd_to_ohci(hcd);
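
Review bot: ohci_exynos_reset() carries no comment saying why ohci_init() has to run here rather than in start(). The ordering constraint (reset() runs before the OHCI interrupt is enabled, start() only after) is recorded only in the commit message, so a one-line comment above the new function would keep someone from folding the call back into ohci_exynos_start() later.
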
> @@ -30,10 +35,6 @@ static int ohci_exynos_start(struct usb_hcd *hcd)
>  
>  	ohci_dbg(ohci, "ohci_exynos_start, ohci:%p", ohci);
>  
> -	ret = ohci_init(ohci);
> -	if (ret < 0)
> -		return ret;
> -
>  	ret = ohci_run(ohci);
>  	if (ret < 0) {
>  		dev_err(hcd->self.controller, "can't start %s\n",
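
Review bot: In ohci_exynos_start(), the format string of the unchanged ohci_dbg() line, "ohci_exynos_start, ohci:%p", has no trailing "\n", unlike the dev_err() string a few lines below it. This patch did not introduce it, but since the function is being touched anyway it would be cheap to fix, either here or in a follow-up.
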
> @@ -53,6 +54,7 @@ static const struct hc_driver exynos_ohci_hc_driver = {
>  	.irq			= ohci_irq,
>  	.flags			= HCD_MEMORY|HCD_USB11,
>  
> +	.reset			= ohci_exynos_reset,
>  	.start			= ohci_exynos_start,
>  	.stop			= ohci_stop,
>  	.shutdown		= ohci_shutdown,
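
Review bot: The .reset line added to exynos_ohci_hc_driver is the whole fix for a null pointer dereference in ohci_irq that, per the commit message, panics about 50% of boots in the tested setup, yet the tag block has no stable Cc. If released kernels carry this driver without a .reset callback, consider adding one so the fix is backported.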

Quite right; every host controller driver must have a .reset routine.

Acked-by: Alan Stern <stern@...land.harvard.edu>
