Message ID | 20221104131031.850850-1-s.hauer@pengutronix.de |
---|---|
Headers | From: Sascha Hauer <s.hauer@pengutronix.de>; To: linux-usb@vger.kernel.org; Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, linux-kernel@vger.kernel.org, kernel@pengutronix.de, Sascha Hauer <s.hauer@pengutronix.de>; Subject: [PATCH 0/2] use-after-free issues in configfs; Date: Fri, 4 Nov 2022 14:10:29 +0100 |
Series | use-after-free issues in configfs |
Message
Sascha Hauer
Nov. 4, 2022, 1:10 p.m. UTC
This series addresses a few problems with the users of the gether code. The problem arises when a UDC is disconnected from a gadget created with configfs doing an "echo '' > UDC". It seems the existing code is tested up to the point where the gadget from configfs is up; tearing it down still seems to make problems. I for myself am also not interested in tearing it down, but I see use-after-free issues when doing a reboot -f.

The underlying problem is that the eth_dev returned by the gether code is used for multiple bind/unbind cycles, but only initialized properly once. The usb_gadget * is only valid between bind and unbind, so it is not a suitable parent for the net_device whose lifetime spans multiple bind/unbind cycles.

I solved the issues for the f_ecm driver; similar problems exist in the other users like f_eem or f_ncm as well. I can prepare patches for these once it's clear that this is really the way to go.

Sascha Hauer (2):
  usb: gadget: u_ether: Do not make UDC parent of the net device
  usb: gadget: f_ecm: Always set current gadget in ecm_bind()

 drivers/usb/gadget/function/f_ecm.c   | 22 +++++++++-------------
 drivers/usb/gadget/function/u_ether.c |  4 ----
 2 files changed, 9 insertions(+), 17 deletions(-)
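
The lifetime mismatch described in the cover letter, as an added userspace C model (not code from the patch series or the kernel): a long-lived device object that records its gadget only on the first bind is left holding a stale reference on every later bind/unbind cycle. All struct and function names are hypothetical, and a generation counter stands in for the freed gadget so the model never touches invalid memory.

```c
/* Added userspace model of the lifetime mismatch; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

/* A gadget lives only from bind to unbind; gen exposes stale refs safely. */
struct gadget_slot { unsigned gen; bool bound; };
struct gadget_ref { struct gadget_slot *slot; unsigned gen; };
/* The net device object is reused across many bind/unbind cycles. */
struct eth_dev { struct gadget_ref gadget; };
typedef void (*bind_fn)(struct eth_dev *, struct gadget_ref);

static bool ref_is_live(struct gadget_ref r)
{
    return r.slot && r.slot->bound && r.slot->gen == r.gen;
}

/* Corrected pattern: record the current gadget on every bind. */
static void bind_always(struct eth_dev *d, struct gadget_ref g)
{
    d->gadget = g;
}

/* Pattern described in the cover letter: set up only on the first bind. */
static void bind_init_once(struct eth_dev *d, struct gadget_ref g)
{
    if (!d->gadget.slot)
        bind_always(d, g);
}

/* Count binds after which the device points at a gadget that is gone. */
static int count_stale(bind_fn bind, int cycles)
{
    struct gadget_slot slot = {0};
    struct eth_dev dev = {0};
    int stale = 0;
    for (int i = 0; i < cycles; i++) {
        slot.gen++;             /* a fresh gadget instance is bound */
        slot.bound = true;
        bind(&dev, (struct gadget_ref){ &slot, slot.gen });
        stale += !ref_is_live(dev.gadget);
        slot.bound = false;     /* unbind: that gadget goes away */
    }
    return stale;
}

int main(void)
{
    printf("stale refs: init-once=%d always-set=%d\n",
           count_stale(bind_init_once, 3), count_stale(bind_always, 3));
    return 0;
}
```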