lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 24 Feb 2014 21:35:55 +0100
From:	Lubomir Rintel <lkundrak@...sk>
To:	Felipe Balbi <balbi@...com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
	Lubomir Rintel <lkundrak@...sk>
Subject: [PATCH] gadgetfs: Initialize CHIP to NULL before UDC probe

Otherwise the value from the last probe would be retained that possibly is
freed since (the UDC is removed) and therefore no longer relevant. Reproducible
with the dummy UDC:

  modprobe dummy_hcd
  mount -t gadgetfs gadgetfs /dev/gadget
  umount /dev/gadget
  rmmod dummy_hcd
  mount -t gadgetfs gadgetfs /dev/gadget

BUG: unable to handle kernel paging request at ffffffffa066fd9d
Call Trace:
 [<ffffffff811d0cd2>] ? d_alloc_name+0x22/0x50
 [<ffffffff812b74dc>] ? selinux_d_instantiate+0x1c/0x20
 [<ffffffffa067d687>] gadgetfs_create_file+0x27/0xa0 [gadgetfs]
 [<ffffffffa067da70>] ? setup_req.isra.4+0x80/0x80 [gadgetfs]
 [<ffffffffa067dbac>] gadgetfs_fill_super+0x13c/0x180 [gadgetfs]
 [<ffffffff811bc832>] mount_single+0x92/0xc0
 [<ffffffffa067d0f8>] gadgetfs_mount+0x18/0x20 [gadgetfs]
 [<ffffffff811bc8f9>] mount_fs+0x39/0x1b0
 [<ffffffff8116b220>] ? __alloc_percpu+0x10/0x20
 [<ffffffff811d6da3>] vfs_kern_mount+0x63/0xf0
 [<ffffffff811d93be>] do_mount+0x23e/0xac0
 [<ffffffff811660eb>] ? strndup_user+0x4b/0xf0
 [<ffffffff811d9f63>] SyS_mount+0x83/0xc0
 [<ffffffff81695b69>] system_call_fastpath+0x16/0x1b

Signed-off-by: Lubomir Rintel <lkundrak@...sk>
---
 drivers/usb/gadget/inode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c
index b94c049..ee15628 100644
--- a/drivers/usb/gadget/inode.c
+++ b/drivers/usb/gadget/inode.c
@@ -2046,6 +2046,7 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
 		return -ESRCH;
 
 	/* fake probe to determine $CHIP */
+	CHIP = NULL;
 	usb_gadget_probe_driver(&probe_driver);
 	if (!CHIP)
 		return -ENODEV;
-- 
1.8.5.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ