| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <TYUPR06MB62179C7116B4A209AE711430D20D2@TYUPR06MB6217.apcprd06.prod.outlook.com> Date: Thu, 26 Dec 2024 06:21:58 +0000 From: 胡连勤 <hulianqin@...o.com> To: Prashanth K <quic_prashk@...cinc.com>, "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>, "mwalle@...nel.org" <mwalle@...nel.org>, "quic_jjohnson@...cinc.com" <quic_jjohnson@...cinc.com>, David Brownell <dbrownell@...rs.sourceforge.net> CC: "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, opensource.kernel <opensource.kernel@...o.com> Subject: 答复: [PATCH v3] usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Hello Prashanth K: > >>> Considering that in some extreme cases, when performing the > >>> unbinding operation, gserial_disconnect has cleared gser->ioport, > >>> which triggers gadget reconfiguration, and then calls > >>> gs_read_complete, resulting in access to a null pointer. Therefore, > >>> ep is disabled before gserial_disconnect sets port to null to prevent this > from happening. > >> > >> gs_read_complete() gets port from ep->driver_data, and it shouldn't > >> get affected if gser->ioport is null as long as port[port_num].port > >> is valid. Am I missing something here? > > > > This description is not very appropriate, thank you very much for your > suggestion, I will modify it. > > Seems like this patch has already accepted applied to Gregs tree. So I think its > fine for now, just update new description here. May I ask how we should update the description and re-release the new version? We have never dealt with this before. > >>> > >>> Call trace: > >>> gs_read_complete+0x58/0x240 > >>> usb_gadget_giveback_request+0x40/0x160 > >>> dwc3_remove_requests+0x170/0x484 > >>> dwc3_ep0_out_start+0xb0/0x1d4 > >>> __dwc3_gadget_start+0x25c/0x720 > >>> kretprobe_trampoline.cfi_jt+0x0/0x8 > >>> kretprobe_trampoline.cfi_jt+0x0/0x8 > >>> udc_bind_to_driver+0x1d8/0x300 > >>> usb_gadget_probe_driver+0xa8/0x1dc > >>> gadget_dev_desc_UDC_store+0x13c/0x188 > >>> configfs_write_iter+0x160/0x1f4 > >>> vfs_write+0x2d0/0x40c > >>> ksys_write+0x7c/0xf0 > >>> __arm64_sys_write+0x20/0x30 > >>> invoke_syscall+0x60/0x150 > >>> el0_svc_common+0x8c/0xf8 > >>> do_el0_svc+0x28/0xa0 > >>> el0_svc+0x24/0x84 > >>> > > Thanks
Powered by blists - more mailing lists