lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2593ac262cdf0088e937b9fbc907bb23a6736fb5.camel@mediatek.com>
Date:   Thu, 19 Aug 2021 11:56:59 +0000
From:   Chunfeng Yun (云春峰) 
        <Chunfeng.Yun@...iatek.com>
To:     "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
CC:     "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mediatek@...ts.infradead.org" 
        <linux-mediatek@...ts.infradead.org>,
        "ikjn@...omium.org" <ikjn@...omium.org>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "mathias.nyman@...el.com" <mathias.nyman@...el.com>,
        "matthias.bgg@...il.com" <matthias.bgg@...il.com>
Subject: Re: [PATCH] usb: xhci-mtk: Do not use xhci's virt_dev in
 drop_endpoint

Hi Greg,

On Thu, 2021-08-05 at 13:37 +0800, Ikjoon Jang wrote:
> xhci-mtk depends on xhci's internal virt_dev when it retrieves its
> internal data from usb_host_endpoint both in add_endpoint and
> drop_endpoint callbacks. But when setup packet was retired by
> transaction errors in xhci_setup_device() path, a virt_dev for the
> slot
> is newly created with real_port 0. This leads to xhci-mtks's NULL
> pointer
> dereference from drop_endpoint callback as xhci-mtk assumes that
> virt_dev's
> real_port is always started from one. The similar problems were
> addressed
> by [1] but that can't cover the failure cases from setup_device.
> 
> This patch drops the usages of xhci's virt_dev in xhci-mtk's
> drop_endpoint
> callback by adopting rhashtable for searching mtk's schedule entity
> from a given usb_host_endpoint pointer instead of searching a linked
> list.
> So mtk's drop_endpoint callback doesn't have to rely on virt_dev at
> all.
> 
> [1] 
> https://lore.kernel.org/r/1617179142-2681-2-git-send-email-chunfeng.yun@mediatek.com
> 
> Signed-off-by: Ikjoon Jang <ikjn@...omium.org>
> ---
> 
>  drivers/usb/host/xhci-mtk-sch.c | 140 ++++++++++++++++++----------
> ----
>  drivers/usb/host/xhci-mtk.h     |  15 ++--
>  2 files changed, 86 insertions(+), 69 deletions(-)
> 
> diff --git a/drivers/usb/host/xhci-mtk-sch.c b/drivers/usb/host/xhci-
> mtk-sch.c
> index cffcaf4dfa9f..f9b4d27ce449 100644
> --- a/drivers/usb/host/xhci-mtk-sch.c
> +++ b/drivers/usb/host/xhci-mtk-sch.c
> 

I see the patch is already in usb-next branch, but find some new bugs
introduced after I test it (one NULL point dereference oops, two memory
leakage due to no error handling). 
What do I need to do? revert this patch then send new version or just
send fix patches?

Thanks



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ