lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87pnt5c53o.fsf@linux.intel.com>
Date:   Thu, 10 Jan 2019 10:02:51 +0200
From:   Felipe Balbi <balbi@...nel.org>
To:     Jack Pham <jackp@...eaurora.org>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jack Pham <jackp@...eaurora.org>
Subject: Re: [PATCH] usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup


Hi,

Jack Pham <jackp@...eaurora.org> writes:

> OUT endpoint requests may somtimes have this flag set when
> preparing to be submitted to HW indicating that there is an
> additional TRB chained to the request for alignment purposes.
> If that request is removed before the controller can execute the
> transfer (e.g. ep_dequeue/ep_disable), the request will not go
> through the dwc3_gadget_ep_cleanup_completed_request() handler
> and will not have its needs_extra_trb flag cleared when
> dwc3_gadget_giveback() is called.  This same request could be
> later requeued for a new transfer that does not require an
> extra TRB and if it is successfully completed, the cleanup
> and TRB reclamation will incorrectly process the additional TRB
> which belongs to the next request, and incorrectly advances the
> TRB dequeue pointer, thereby messing up calculation of the next
> requeust's actual/remaining count when it completes.
>
> The right thing to do here is to ensure that the flag is cleared
> before it is given back to the function driver.  A good place
> to do that is in dwc3_gadget_del_and_unmap_request().
>
> Signed-off-by: Jack Pham <jackp@...eaurora.org>
> ---
> Hi Felipe,
>
> There's probably zero chance this is making it to 4.20, so if you take
> this after 4.21-rc1 so be it. But should this be Cc: stable? If so it
> needs to be sent separately for <= 4.19 as needs_extra_trb was previously
> req->unaligned and req->zero.

we need a Cc stable, indeed. And a Fixes tag.

-- 
balbi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ