lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <63c3b650-c3cf-49bc-973a-c5fe025a22f6@oss.qualcomm.com>
Date: Mon, 24 Feb 2025 14:53:59 +0530
From: Prashanth K <prashanth.k@....qualcomm.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Kees Bakker <kees@...erbout.nl>,
        William McVicker <willmcvicker@...gle.com>,
        Marek Szyprowski <m.szyprowski@...sung.com>, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: Check bmAttributes only if configuration is
 valid



On 24-02-25 02:36 pm, Greg Kroah-Hartman wrote:
> On Mon, Feb 24, 2025 at 02:26:04PM +0530, Prashanth K wrote:
>> If the USB configuration is not valid, then avoid checking for
>> bmAttributes to prevent null pointer deference.
>>
>> Cc: stable@...r.kernel.org
>> Fixes: 40e89ff5750f ("usb: gadget: Set self-powered based on MaxPower and bmAttributes")
>> Signed-off-by: Prashanth K <prashanth.k@....qualcomm.com>
>> ---
>>  drivers/usb/gadget/composite.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
>> index 4bcf73bae761..869ad99afb48 100644
>> --- a/drivers/usb/gadget/composite.c
>> +++ b/drivers/usb/gadget/composite.c
>> @@ -1051,7 +1051,7 @@ static int set_config(struct usb_composite_dev *cdev,
>>  		usb_gadget_set_remote_wakeup(gadget, 0);
>>  done:
>>  	if (power > USB_SELF_POWER_VBUS_MAX_DRAW ||
>> -	    !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER))
>> +	    (c && !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)))
>>  		usb_gadget_clear_selfpowered(gadget);
>>  	else
>>  		usb_gadget_set_selfpowered(gadget);
>> -- 
>> 2.25.1
>>
>>
> 
> Have you checked linux-next yet for this fix that was posted last week?
> Does that not resolve the issue for you?
> 
> thanks,
> 
> greg k-h

I hope you are mentioning this one -
https://lore.kernel.org/all/20250220120314.3614330-1-m.szyprowski@samsung.com/

The above patch fixes null pointer in composite_suspend(), I'm trying to
address a similar bug which is present in set_config(), it gets exposed
if the requested configuration is not present in cdev->configs.

Regards,
Prashanth K

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ