lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 17 Feb 2022 10:57:55 +0800 (GMT+08:00)
From:   "Jing Leng" <3090101217@....edu.cn>
To:     "Greg KH" <gregkh@...uxfoundation.org>
Cc:     balbi@...nel.org, jleng@...arella.com,
        laurent.pinchart@...asonboard.com, linux-kernel@...r.kernel.org,
        linux-usb@...r.kernel.org
Subject: Re: [PATCH v2] usb: gadget: f_uvc: fix superspeedplus transfer

Hi Greg KH,

Sorry for the confusion.

I tested the feature on linux-5.10, it will cause Oops.
The Oops is as follows:
 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
 Mem abort info:
   ESR = 0x96000005
   EC = 0x25: DABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
 Data abort info:
   ISV = 0, ISS = 0x00000005
   CM = 0, WnR = 0
 user pgtable: 4k pages, 39-bit VAs, pgdp=00000001b12cf000
 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
 Internal error: Oops: 96000005 [#1] PREEMPT SMP
 Modules linked in: ...
 CPU: 0 PID: 619 Comm: irq/95-20200080 Tainted: G           O      5.10.61 #2
 Hardware name: Ambarella CV5 TIMN Board (DT)
 pstate: 20c00085 (nzCv daIf +PAN +UAO -TCO BTYPE=--)
 pc : config_ep_by_speed_and_alt+0x3c/0x2a0 [libcomposite]
 lr : config_ep_by_speed+0x14/0x20 [libcomposite]
 sp : ffffffc011dbbac0
 x29: ffffffc011dbbac0 x28: 0000000000000001
 x27: ffffff81b3eb1920 x26: 0000000000000000
 x25: ffffff81b68085e8 x24: ffffff81b3ee4c00
 x23: ffffff81b3d71c40 x22: 0000000000000000
 x21: 0000000000000000 x20: ffffff81b68085e8
 x19: ffffff81b6808000 x18: ffffffc091dbb737
 x17: 0000000000000017 x16: 000000000000000a
 x15: 0000000000000006 x14: ffffffc011dbb73f
 x13: 0000000000000001 x12: ffffffc0109c97e8
 x11: 0000000000000652 x10: 00000000000e5a65
 x9 : ffffffc0109c97e8 x8 : 00000000fffff7ff
 x7 : 00000000000017fd x6 : 0000000000000001
 x5 : ffffff81fb5976a8 x4 : 0000000000000006
 x3 : 0000000000000000 x2 : ffffff81b6838718
 x1 : 0000000000000000 x0 : ffffff81b6838008
 Call trace:
  config_ep_by_speed_and_alt+0x3c/0x2a0 [libcomposite]
  uvc_function_set_alt+0xd4/0x2e8 [usb_f_uvc]
  set_config.constprop.0+0x154/0x3a0 [libcomposite]
  composite_setup+0x314/0xb44 [libcomposite]
  configfs_composite_setup+0x84/0xb0 [libcomposite]
  cdnsp_ep0_std_request+0x25c/0x470 [cdns3]
  cdnsp_setup_analyze+0x94/0x25c [cdns3]
  cdnsp_handle_event+0xe8/0x23c [cdns3]
  cdnsp_thread_irq_handler+0x58/0xe8 [cdns3]
  irq_thread_fn+0x2c/0xa0
  irq_thread+0x164/0x280
  kthread+0x128/0x134
  ret_from_fork+0x10/0x40
 Code: 71000c9f 54000b60 f9400821 52800006 (f9400024)
 ---[ end trace 7d3065b8181de7a6 ]---
 note: irq/95-20200080[619] exited with preempt_count 2
 genirq: exiting task "irq/95-20200080" (619) is an active IRQ thread (irq 95)

But the Oops is fixed in the latest kernel by the following commit:
 commit 16d42759207fc3d1bff7cfd330a08a225e470ba0
 Author: Qihang Hu <huqihang@...o.com>
 Date:   Wed Nov 10 18:11:29 2021 +0800

     usb: gadget: composite: Show warning if function driver's descriptors are incomplete.

There are some problems with my previous understanding,
so the patch is a feature but not a bug, I will modify the
title and description of the patch and resend it. 

Thanks
Jing Leng

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ