Message-ID: <55109B15.9080800@google.com>
Date: Mon, 23 Mar 2015 16:00:37 -0700
From: Badhri Jagan Sridharan <badhri@...gle.com>
To: Peter Chen <peter.chen@...escale.com>
CC: Felipe Balbi <balbi@...com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: Check for NULL pointer in disconnect
> Do you really see some udc drivers call it after composite_unbind is
> called? If it is, you may add dump_stack() to track that error.
>
> Besides this, function suspended_show is needed to add cdev NULL pointer
> checking.
We see this happening occasionally in *not yet* upstreamed UDC
code of some vendors (yes, disconnect being called after unbind).

After reviewing the entire composite.c file, I did notice that
none of the functions check for NULL pointer when cdev is
obtained from get_gadget_data.

Is crashing/bringing down the whole kernel intentionally
left to happen? Isn't printing a WARN/ERROR msg and
returning not the preferable approach?

On 03/22/2015 12:43 AM, Peter Chen wrote:
> On Fri, Mar 20, 2015 at 04:40:52PM -0700, Badhri Jagan Sridharan wrote:
>> Added a safety net to make sure that
>> composite_disconnect does not end up disconnecting
>> a NULL device. Prevents NULL pointer crash.
>>
>> Signed-off-by: Badhri Jagan Sridharan <Badhri@...gle.com>
>> ---
>> drivers/usb/gadget/composite.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
>> index 13adfd1..90b37bd 100644
>> --- a/drivers/usb/gadget/composite.c
>> +++ b/drivers/usb/gadget/composite.c
>> @@ -1823,6 +1823,11 @@ void composite_disconnect(struct usb_gadget *gadget)
>> struct usb_composite_dev *cdev = get_gadget_data(gadget);
>> unsigned long flags;
>>
>> + if (!cdev) {
>> + WARN(1, "Trying to disconnect a NULL composite device\n");
>> + return;
>> + }
>> +
>
> Do you really see some udc drivers call it after composite_unbind is
> called? If it is, you may add dump_stack() to track that error.
>
> Besides this, function suspended_show is needed to add cdev NULL pointer
> checking.
>
>> /* REVISIT: should we have config and device level
>> * disconnect callbacks?
>> */
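Review bot: the new `if (!cdev)` block at the top of composite_disconnect() wraps an unconditional WARN(1, ...) in a separate test; the condition can go into the macro itself, as `if (WARN(!cdev, "Trying to disconnect a NULL composite device\n")) return;`. WARN() already prints a backtrace, so a separate dump_stack() would add nothing, and if a UDC driver can reach this path repeatedly WARN_ONCE() would keep the log from flooding. The changelog should also name the call sequence that triggers this (disconnect after unbind) and say why only this user of get_gadget_data() gets the check, since the test sits before any locking in the function and silently returning here hides a caller that is using the gadget after its data was cleared.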
>> --
>> 2.2.0.rc0.207.ga3a616c
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
>> the body of a message to majordomo@...r.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>