linux/drivers/usb/dwc3
Marian-Cristian Rotariu d00889080a usb: dwc3: ep0: fix NULL pointer exception
There is no validation of the index from dwc3_wIndex_to_dep() and we might
be referring to a non-existing ep and trigger a NULL pointer exception. In
certain configurations we might use fewer eps and the index might wrongly
indicate a larger ep index than existing.

By adding this validation from the patch we can actually report a wrong
index back to the caller.

In our use case we are using a composite device on an older kernel, but
upstream might use this fix also. Unfortunately, I cannot describe the
hardware for others to reproduce the issue as it is a proprietary
implementation.

[   82.958261] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a4
[   82.966891] Mem abort info:
[   82.969663]   ESR = 0x96000006
[   82.972703]   Exception class = DABT (current EL), IL = 32 bits
[   82.978603]   SET = 0, FnV = 0
[   82.981642]   EA = 0, S1PTW = 0
[   82.984765] Data abort info:
[   82.987631]   ISV = 0, ISS = 0x00000006
[   82.991449]   CM = 0, WnR = 0
[   82.994409] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6210ccc
[   83.000999] [00000000000000a4] pgd=0000000053aa5003, pud=0000000053aa5003, pmd=0000000000000000
[   83.009685] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[   83.026433] Process irq/62-dwc3 (pid: 303, stack limit = 0x000000003985154c)
[   83.033470] CPU: 0 PID: 303 Comm: irq/62-dwc3 Not tainted 4.19.124 #1
[   83.044836] pstate: 60000085 (nZCv daIf -PAN -UAO)
[   83.049628] pc : dwc3_ep0_handle_feature+0x414/0x43c
[   83.054558] lr : dwc3_ep0_interrupt+0x3b4/0xc94

...

[   83.141788] Call trace:
[   83.144227]  dwc3_ep0_handle_feature+0x414/0x43c
[   83.148823]  dwc3_ep0_interrupt+0x3b4/0xc94
[   83.181546] ---[ end trace aac6b5267d84c32f ]---

Signed-off-by: Marian-Cristian Rotariu <marian.c.rotariu@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210608162650.58426-1-marian.c.rotariu@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-09 11:03:32 +02:00
Kconfig usb: dwc3: Add driver for Xilinx platforms 2021-03-23 12:48:14 +01:00
Makefile usb: dwc3: Add driver for Xilinx platforms 2021-03-23 12:48:14 +01:00
core.c Revert "usb: dwc3: core: Add shutdown callback for dwc3" 2021-06-04 10:40:57 +02:00
core.h usb: dwc3: gadget: Rename EOPF event macros to Suspend 2021-05-10 14:45:49 +02:00
debug.h usb: dwc3: debugfs: Add and remove endpoint dirs dynamically 2021-06-03 20:28:23 +02:00
debugfs.c usb: dwc3: debugfs: Add and remove endpoint dirs dynamically 2021-06-03 20:28:23 +02:00
drd.c usb: dwc3: drd: Improve dwc3_get_extcon() style 2020-12-28 15:51:40 +01:00
dwc3-exynos.c usb: dwc3: exynos: fix incorrect kernel-doc comment syntax 2021-04-02 15:20:54 +02:00
dwc3-haps.c usb: dwc3: haps: Constify the software node 2021-02-04 15:42:06 +01:00
dwc3-imx8mp.c usb: dwc3: imx8mp: fix error return code in dwc3_imx8mp_probe() 2021-05-10 14:58:41 +02:00
dwc3-keystone.c usb: dwc3: fix incorrect kernel-doc comment syntax in files 2021-04-02 15:20:51 +02:00
dwc3-meson-g12a.c usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled 2021-06-04 12:58:55 +02:00
dwc3-of-simple.c usb: dwc3: Add driver for Xilinx platforms 2021-03-23 12:48:14 +01:00
dwc3-omap.c usb: dwc3: omap: improve extcon initialization 2021-05-10 15:04:37 +02:00
dwc3-pci.c usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield 2021-05-10 14:40:21 +02:00
dwc3-qcom.c usb: dwc3: qcom: Detect DWC3 DT-nodes using compatible string 2021-04-10 10:46:09 +02:00
dwc3-st.c usb: dwc3: st: fix incorrect kernel-doc comment syntax in file 2021-04-02 15:20:46 +02:00
dwc3-xilinx.c usb: dwc3: xilinx: Remove the extra freeing of clocks 2021-04-09 16:05:32 +02:00
ep0.c usb: dwc3: ep0: fix NULL pointer exception 2021-06-09 11:03:32 +02:00
gadget.c usb: dwc3: debugfs: Add and remove endpoint dirs dynamically 2021-06-03 20:28:23 +02:00
gadget.h usb: dwc3: add cancelled reasons for dwc3 requests 2021-04-02 15:27:36 +02:00
host.c usb: dwc3: host: Use software node API with the properties 2021-02-05 10:08:19 +01:00
io.h usb: dwc3: fix incorrect kernel-doc comment syntax in files 2021-04-02 15:20:51 +02:00
trace.c usb: dwc3: fix incorrect kernel-doc comment syntax in files 2021-04-02 15:20:51 +02:00
trace.h usb: dwc3: fix incorrect kernel-doc comment syntax in files 2021-04-02 15:20:51 +02:00
ulpi.c usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression 2020-12-28 15:55:44 +01:00