lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID:
 <TYUPR06MB62170825AFE73942D1B10B2DD23B2@TYUPR06MB6217.apcprd06.prod.outlook.com>
Date: Mon, 16 Dec 2024 13:40:18 +0000
From: 胡连勤 <hulianqin@...o.com>
To: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
CC: Prashanth K <quic_prashk@...cinc.com>, "mwalle@...nel.org"
	<mwalle@...nel.org>, "quic_jjohnson@...cinc.com" <quic_jjohnson@...cinc.com>,
	"dbrownell@...rs.sourceforge.net" <dbrownell@...rs.sourceforge.net>,
	"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	opensource.kernel <opensource.kernel@...o.com>
Subject:
 答复: [PATCH v2] usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null

Hello  Linux kernel expert:

> > From: Lianqin Hu <hulianqin@...o.com>
> >
> > Considering that in some extreme cases, when performing the unbinding
> > operation, gserial_disconnect has cleared gser->ioport, which triggers
> > gadget reconfiguration, and then calls gs_read_complete, resulting in
> > access to a null pointer. Therefore, ep is disabled before
> > gserial_disconnect sets port to null to prevent this from happening.
> >
> > Call trace:
> >  gs_read_complete+0x58/0x240
> >  usb_gadget_giveback_request+0x40/0x160
> >  dwc3_remove_requests+0x170/0x484
> >  dwc3_ep0_out_start+0xb0/0x1d4
> >  __dwc3_gadget_start+0x25c/0x720
> >  kretprobe_trampoline.cfi_jt+0x0/0x8
> >  kretprobe_trampoline.cfi_jt+0x0/0x8
> >  udc_bind_to_driver+0x1d8/0x300
> >  usb_gadget_probe_driver+0xa8/0x1dc
> >  gadget_dev_desc_UDC_store+0x13c/0x188
> >  configfs_write_iter+0x160/0x1f4
> >  vfs_write+0x2d0/0x40c
> >  ksys_write+0x7c/0xf0
> >  __arm64_sys_write+0x20/0x30
> >  invoke_syscall+0x60/0x150
> >  el0_svc_common+0x8c/0xf8
> >  do_el0_svc+0x28/0xa0
> >  el0_svc+0x24/0x84
> >
> > Fixes: c1dca562be8a ("usb gadget: split out serial core")
> > Cc: stable@...r.kernel.org
> >
> > Suggested-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > Signed-off-by: Lianqin Hu <hulianqin@...o.com>
> >
> > v2:
> >  - Remove some address information from patch descriptions
> >  - Link to v1:
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore
> > .kernel.org%2Fall%2FTYUPR06MB621763AB815989161F4033AFD2762%40TY
> UPR06MB
> >  - Link to suggestions:
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore
> > .kernel.org%2Fall%2FTYUPR06MB6217DE28012FFEC5E808DD64D2962%40TY
> UPR06MB
> 
> The "v2:" needs to go below the --- line, what happened to that?
   OK, I'll modify it.

> And no need to have a blank line after the cc: stable, right?  Did you run
> checkpatch.pl on this?
Sorry, I didn't check it carefully enough. I will modify it and send a new patch.

Run checkpatch.pl before sending the patch:
root@...o-600-G6:~/linux_kernel/linux# ./scripts/checkpatch.pl 0001-usb-gadget-u_serial-Disable-ep-before-setting-port-t.patch 
total: 0 errors, 0 warnings, 20 lines checked

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ