Message-ID: <YR5zQD8dFWsXu5Ns@kroah.com>
Date:   Thu, 19 Aug 2021 17:05:36 +0200
From:   "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
To:     Chunfeng Yun (云春峰) 
        <Chunfeng.Yun@...iatek.com>
Cc:     "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mediatek@...ts.infradead.org" 
        <linux-mediatek@...ts.infradead.org>,
        "ikjn@...omium.org" <ikjn@...omium.org>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "mathias.nyman@...el.com" <mathias.nyman@...el.com>,
        "matthias.bgg@...il.com" <matthias.bgg@...il.com>
Subject: Re: [PATCH] usb: xhci-mtk: Do not use xhci's virt_dev in
 drop_endpoint

On Thu, Aug 19, 2021 at 11:56:59AM +0000, Chunfeng Yun (云春峰) wrote:
> Hi Greg,
> 
> On Thu, 2021-08-05 at 13:37 +0800, Ikjoon Jang wrote:
> > xhci-mtk depends on xhci's internal virt_dev when it retrieves its
> > internal data from usb_host_endpoint both in add_endpoint and
> > drop_endpoint callbacks. But when setup packet was retired by
> > transaction errors in xhci_setup_device() path, a virt_dev for the slot
> > is newly created with real_port 0. This leads to xhci-mtk's NULL pointer
> > dereference from drop_endpoint callback as xhci-mtk assumes that
> > virt_dev's real_port is always started from one. The similar problems
> > were addressed by [1] but that can't cover the failure cases from
> > setup_device.
> > 
> > This patch drops the usages of xhci's virt_dev in xhci-mtk's
> > drop_endpoint callback by adopting rhashtable for searching mtk's
> > schedule entity from a given usb_host_endpoint pointer instead of
> > searching a linked list. So mtk's drop_endpoint callback doesn't have
> > to rely on virt_dev at all.
> > 
> > [1] https://lore.kernel.org/r/1617179142-2681-2-git-send-email-chunfeng.yun@mediatek.com
> > 
> > Signed-off-by: Ikjoon Jang <ikjn@...omium.org>
> > ---
> > 
> >  drivers/usb/host/xhci-mtk-sch.c | 140 ++++++++++++++++++----------
> > ----
> >  drivers/usb/host/xhci-mtk.h     |  15 ++--
> >  2 files changed, 86 insertions(+), 69 deletions(-)
> > 
> > diff --git a/drivers/usb/host/xhci-mtk-sch.c b/drivers/usb/host/xhci-
> > mtk-sch.c
> > index cffcaf4dfa9f..f9b4d27ce449 100644
> > --- a/drivers/usb/host/xhci-mtk-sch.c
> > +++ b/drivers/usb/host/xhci-mtk-sch.c
> > 
> 
> I see the patch is already in usb-next branch, but found some new bugs
> introduced after I tested it (one NULL pointer dereference oops, two
> memory leaks due to no error handling).
> What do I need to do? Revert this patch then send a new version, or just
> send fix patches?

Whichever you want to do is fine with me.

thanks,

greg k-h
