| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Aug 2020 17:02:38 +0200
From: Marek Szyprowski <m.szyprowski@...sung.com>
To: Greg KH <gregkh@...uxfoundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
Ilja Van Sprundel <ivansprundel@...ctive.com>,
Kees Cook <keescook@...omium.org>,
Brooke Basile <brookebasile@...il.com>,
Felipe Balbi <balbi@...nel.org>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>
Subject: Re: [GIT PULL] USB fixes for 5.9-rc3
Hi Greg,
On 26.08.2020 15:43, Greg KH wrote:
> The following changes since commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5:
>
> Linux 5.9-rc1 (2020-08-16 13:04:57 -0700)
>
> are available in the Git repository at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git tags/usb-5.9-rc3
>
> for you to fetch changes up to 23e26d0577535f5ffe4ff8ed6d06e009553c0bca:
>
> usb: typec: tcpm: Fix Fix source hard reset response for TDA 2.3.1.1 and TDA 2.3.1.2 failures (2020-08-25 16:02:35 +0200)
>
> ----------------------------------------------------------------
> USB fixes for 5.9-rc3
>
> Here are a small set of USB fixes for 5.9-rc3.
>
> Like most set of USB bugfixes, they include the usual:
> - usb gadget driver fixes
> - xhci driver fixes
> - typec fixes
> - new qurks and ids
> - fixes for USB patches merged in 5.9-rc1
>
> Nothing huge, all of these have been in linux-next with no reported
> issues:
>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>
> ----------------------------------------------------------------
> Alan Stern (1):
> USB: yurex: Fix bad gfp argument
>
> Andy Shevchenko (1):
> usb: hcd: Fix use after free in usb_hcd_pci_remove()
>
> Badhri Jagan Sridharan (1):
> usb: typec: tcpm: Fix Fix source hard reset response for TDA 2.3.1.1 and TDA 2.3.1.2 failures
>
> Bastien Nocera (2):
> USB: Also match device drivers using the ->match vfunc
> USB: Fix device driver race
>
> Brooke Basile (2):
> USB: gadget: u_f: add overflow checks to VLA macros
Sorry, but the above patch breaks USB Ethernet Gadget operation. It also
didn't get the proper testing in linux-next (next-20200826 is the first
one with this patch).
This is how it explodes on Samsung Exynos (ARM 32bit) based board with
g_ether module loaded:
------------[ cut here ]------------
kernel BUG at mm/slub.c:4116!
Internal error: Oops - BUG: 0 [#1] SMP ARM
Modules linked in: usb_f_ecm g_ether(+) usb_f_rndis u_ether libcomposite
panel_samsung_s6e8aa0 s5p_csis s5p_fimc exynos4_is_common v4l2_fwnode
max8997_regulator rtc_max8997 leds_max8997 max8
emless mms114 governor_simpleondemand s5p_mfc lima gpu_sched s5p_jpeg
v4l2_mem2mem videobuf2_dma_contig videobuf2_memops videobuf2_v4l2
videobuf2_common phy_exynos_usb2 exynosdrm analogix_dp
s3c2410_wdt
CPU: 0 PID: 616 Comm: modprobe Not tainted 5.9.0-rc1-00026-gb1cd1b65afba
#9023
Hardware name: Samsung Exynos (Flattened Device Tree)
PC is at kfree+0x234/0x268
LR is at config_item_set_name+0x60/0xb0
...
Process modprobe (pid: 616, stack limit = 0x(ptrval))
...
[<c0494248>] (kfree) from [<c05347a0>] (config_item_set_name+0x60/0xb0)
[<c05347a0>] (config_item_set_name) from [<c0534844>]
(config_group_init_type_name+0x1c/0x50)
[<c0534844>] (config_group_init_type_name) from [<bf14bc18>]
(usb_os_desc_prepare_interf_dir+0x54/0x124 [libcomposite])
[<bf14bc18>] (usb_os_desc_prepare_interf_dir [libcomposite]) from
[<bf15af9c>] (rndis_alloc_inst+0x100/0x150 [usb_f_rndis])
[<bf15af9c>] (rndis_alloc_inst [usb_f_rndis]) from [<bf1499dc>]
(try_get_usb_function_instance+0x88/0xa4 [libcomposite])
[<bf1499dc>] (try_get_usb_function_instance [libcomposite]) from
[<bf149ad8>] (usb_get_function_instance+0xc/0x44 [libcomposite])
[<bf149ad8>] (usb_get_function_instance [libcomposite]) from
[<bf114164>] (eth_bind+0xdc/0x34c [g_ether])
[<bf114164>] (eth_bind [g_ether]) from [<bf1497cc>]
(composite_bind+0x78/0x1a8 [libcomposite])
[<bf1497cc>] (composite_bind [libcomposite]) from [<c0c62a0c>]
(udc_bind_to_driver+0x60/0x108)
[<c0c62a0c>] (udc_bind_to_driver) from [<c0c62ed8>]
(usb_gadget_probe_driver+0x100/0x158)
[<c0c62ed8>] (usb_gadget_probe_driver) from [<c0301fd0>]
(do_one_initcall+0x54/0x220)
[<c0301fd0>] (do_one_initcall) from [<c03de390>] (do_init_module+0x60/0x210)
[<c03de390>] (do_init_module) from [<c03dd0d4>] (load_module+0x2078/0x24c0)
[<c03dd0d4>] (load_module) from [<c03dd758>] (sys_finit_module+0xc8/0xd8)
[<c03dd758>] (sys_finit_module) from [<c03000c0>]
(ret_fast_syscall+0x0/0x54)
Exception stack(0xedd1dfa8 to 0xedd1dff0)
...
---[ end trace 0dc21d79c1880545 ]---
I also didn't manage to find any mailing list, where this patch has been
initially posted...
> USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb()
>
> Christophe JAILLET (1):
> usb: gadget: f_tcm: Fix some resource leaks in some error paths
>
> Ding Hui (1):
> xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed
>
> Evgeny Novikov (1):
> USB: lvtest: return proper error code in probe
>
> Greg Kroah-Hartman (1):
> Merge tag 'fixes-for-v5.9-rc2' of git://git.kernel.org/.../balbi/usb into usb-linus
>
> Hans de Goede (4):
> usb: typec: ucsi: Fix AB BA lock inversion
> usb: typec: ucsi: Fix 2 unlocked ucsi_run_command calls
> usb: typec: ucsi: Rework ppm_lock handling
> usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port()
>
> Heikki Krogerus (1):
> tools: usb: move to tools buildsystem
>
> JC Kuo (2):
> usb: host: xhci-tegra: otg usb2/usb3 port init
> usb: host: xhci-tegra: fix tegra_xusb_get_phy()
>
> Kai-Heng Feng (2):
> USB: quirks: Add no-lpm quirk for another Raydium touchscreen
> xhci: Do warm-reset when both CAS and XDEV_RESUME are set
>
> Li Jun (1):
> usb: host: xhci: fix ep context print mismatch in debugfs
>
> M. Vefa Bicakci (1):
> usbip: Implement a match function to fix usbip
>
> Thinh Nguyen (4):
> usb: dwc3: gadget: Don't setup more than requested
> usb: dwc3: gadget: Fix handling ZLP
> usb: dwc3: gadget: Handle ZLP for sg requests
> usb: uas: Add quirk for PNY Pro Elite
>
> Tom Rix (1):
> USB: cdc-acm: rework notification_buffer resizing
>
> Vinod Koul (1):
> usb: renesas-xhci: remove version check
>
> 周ç°æ° (Zhou Yanjie) (1):
> USB: PHY: JZ4770: Fix static checker warning.
>
> drivers/usb/class/cdc-acm.c | 22 ++++---
> drivers/usb/core/driver.c | 40 ++++++++++++-
> drivers/usb/core/generic.c | 5 +-
> drivers/usb/core/hcd-pci.c | 5 +-
> drivers/usb/core/quirks.c | 2 +
> drivers/usb/dwc3/gadget.c | 107 +++++++++++++++++++++++++++++------
> drivers/usb/gadget/function/f_ncm.c | 81 ++++++++++++++++++++++----
> drivers/usb/gadget/function/f_tcm.c | 7 ++-
> drivers/usb/gadget/u_f.h | 38 +++++++++----
> drivers/usb/host/xhci-debugfs.c | 8 +--
> drivers/usb/host/xhci-hub.c | 19 ++++---
> drivers/usb/host/xhci-pci-renesas.c | 19 +------
> drivers/usb/host/xhci-tegra.c | 4 +-
> drivers/usb/host/xhci.c | 3 +-
> drivers/usb/misc/lvstest.c | 2 +-
> drivers/usb/misc/yurex.c | 2 +-
> drivers/usb/phy/phy-jz4770.c | 1 +
> drivers/usb/storage/unusual_uas.h | 7 +++
> drivers/usb/typec/tcpm/tcpm.c | 28 ++++++++-
> drivers/usb/typec/ucsi/displayport.c | 9 +--
> drivers/usb/typec/ucsi/ucsi.c | 103 +++++++++++++++++----------------
> drivers/usb/usbip/stub_dev.c | 6 ++
> tools/usb/Build | 2 +
> tools/usb/Makefile | 53 ++++++++++++++---
> 24 files changed, 408 insertions(+), 165 deletions(-)
> create mode 100644 tools/usb/Build
>
>
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
Powered by blists - more mailing lists