Message ID | 20230522022101.32163-1-chunfeng.yun@mediatek.com |
---|---|
State | New |
Headers | From: Chunfeng Yun <chunfeng.yun@mediatek.com> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org> CC: Matthias Brugger <matthias.bgg@gmail.com>, AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>, Alan Stern <stern@rowland.harvard.edu>, Chunfeng Yun <chunfeng.yun@mediatek.com>, Prashanth K <quic_prashk@quicinc.com>, Xiu Jianfeng <xiujianfeng@huawei.com>, Christophe JAILLET <christophe.jaillet@wanadoo.fr>, Fabrice Gasnier <fabrice.gasnier@st.com>, Felipe Balbi <balbi@kernel.org>, <linux-usb@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>, <linux-mediatek@lists.infradead.org>, Kewu Chen <Kewu.Chen@mediatek.com>, stable <stable@kernel.org> Subject: [PATCH] usb: gadget: u_serial: Add null pointer check in gserial_suspend Date: Mon, 22 May 2023 10:21:01 +0800 |
Series | usb: gadget: u_serial: Add null pointer check in gserial_suspend |
Commit Message
Chunfeng Yun (云春峰)
May 22, 2023, 2:21 a.m. UTC
When gserial_disconnect has already cleared gser->ioport, and the
suspend triggers afterwards, gserial_suspend gets called, which will
lead to accessing of gser->ioport and thus causing null pointer
dereference. Add a null pointer check to prevent it as the below
patch does:
5ec63fdbca60 ("usb: gadget: u_serial: Add null pointer check in gserial_resume")
Fixes: aba3a8d01d62 ("usb: gadget: u_serial: add suspend resume callbacks")
Cc: stable <stable@kernel.org>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
---
drivers/usb/gadget/function/u_serial.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
Comments
On 22-05-23 07:51 am, Chunfeng Yun wrote:
> When gserial_disconnect has already cleared gser->ioport, and the
> suspend triggers afterwards, gserial_suspend gets called, which will
> lead to accessing of gser->ioport and thus causing null pointer
> dereference. Add a null pointer check to prevent it as the below
> patch does:
> 5ec63fdbca60 ("usb: gadget: u_serial: Add null pointer check in gserial_resume")
>
> Fixes: aba3a8d01d62 ("usb: gadget: u_serial: add suspend resume callbacks")
> Cc: stable <stable@kernel.org>
> Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
> ---
> drivers/usb/gadget/function/u_serial.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c > index a0ca47fbff0f..40ba220cf6d2 100644 > --- a/drivers/usb/gadget/function/u_serial.c > +++ b/drivers/usb/gadget/function/u_serial.c > @@ -1420,10 +1420,18 @@ EXPORT_SYMBOL_GPL(gserial_disconnect); > > void gserial_suspend(struct gserial *gser) > { > - struct gs_port *port = gser->ioport; > + struct gs_port *port; > unsigned long flags; > > - spin_lock_irqsave(&port->port_lock, flags); > + spin_lock_irqsave(&serial_port_lock, flags); > + port = gser->ioport; > + if (!port) { > + spin_unlock_irqrestore(&serial_port_lock, flags); > + return; > + } > + > + spin_lock(&port->port_lock); > + spin_unlock(&serial_port_lock); > port->suspended = true; > spin_unlock_irqrestore(&port->port_lock, flags); > }

Hi Chunfeng,

This looks same as the following patch.
https://lore.kernel.org/linux-usb/1683278317-11774-1-git-send-email-quic_prashk@quicinc.com/

Regards
On Mon, 2023-05-22 at 11:19 +0530, Prashanth K wrote:
> External email : Please do not click links or open attachments until
> you have verified the sender or the content.
>
>
> On 22-05-23 07:51 am, Chunfeng Yun wrote:
> > When gserial_disconnect has already cleared gser->ioport, and the
> > suspend triggers afterwards, gserial_suspend gets called, which
> > will
> > lead to accessing of gser->ioport and thus causing null pointer
> > dereference. Add a null pointer check to prevent it as the below
> > patch does:
> > 5ec63fdbca60 ("usb: gadget: u_serial: Add null pointer check in
> > gserial_resume")
> >
> > Fixes: aba3a8d01d62 ("usb: gadget: u_serial: add suspend resume
> > callbacks")
> > Cc: stable <stable@kernel.org>
> > Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
> > ---
> > drivers/usb/gadget/function/u_serial.c | 12 ++++++++++--
> > 1 file changed, 10 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/usb/gadget/function/u_serial.c > > b/drivers/usb/gadget/function/u_serial.c > > index a0ca47fbff0f..40ba220cf6d2 100644 > > --- a/drivers/usb/gadget/function/u_serial.c > > +++ b/drivers/usb/gadget/function/u_serial.c > > @@ -1420,10 +1420,18 @@ EXPORT_SYMBOL_GPL(gserial_disconnect); > > > > void gserial_suspend(struct gserial *gser) > > { > > - struct gs_port *port = gser->ioport; > > + struct gs_port *port; > > unsigned long flags; > > > > - spin_lock_irqsave(&port->port_lock, flags); > > + spin_lock_irqsave(&serial_port_lock, flags); > > + port = gser->ioport; > > + if (!port) { > > + spin_unlock_irqrestore(&serial_port_lock, flags); > > + return; > > + } > > + > > + spin_lock(&port->port_lock); > > + spin_unlock(&serial_port_lock); > > port->suspended = true; > > spin_unlock_irqrestore(&port->port_lock, flags); > > }
>
> Hi Chunfeng,
>
> This looks same as the following patch.
> https://lore.kernel.org/linux-usb/1683278317-11774-1-git-send-email-quic_prashk@quicinc.com/

Yes, it is, please ignore this one, thanks a lot

>
>
> Regards
diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index a0ca47fbff0f..40ba220cf6d2 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -1420,10 +1420,18 @@ EXPORT_SYMBOL_GPL(gserial_disconnect); void gserial_suspend(struct gserial *gser) { - struct gs_port *port = gser->ioport; + struct gs_port *port; unsigned long flags; - spin_lock_irqsave(&port->port_lock, flags); + spin_lock_irqsave(&serial_port_lock, flags); + port = gser->ioport; + if (!port) { + spin_unlock_irqrestore(&serial_port_lock, flags); + return; + } + + spin_lock(&port->port_lock); + spin_unlock(&serial_port_lock); port->suspended = true; spin_unlock_irqrestore(&port->port_lock, flags); }
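Review bot: In gserial_suspend, the interrupt flags saved by spin_lock_irqsave(&serial_port_lock, flags) are restored by spin_unlock_irqrestore(&port->port_lock, flags) on a different lock, with a plain spin_unlock(&serial_port_lock) in between. The hand-over is valid because interrupts stay disabled while either lock is held, but it reads like a mismatched pair, so a short comment at the spin_lock(&port->port_lock) line explaining the hand-over would help. The same comment should state that serial_port_lock is always taken before port->port_lock, since any path nesting them in the opposite order would deadlock against this one. The NULL check on gser->ioport closes the race only if the path that clears the pointer does so while holding serial_port_lock; these lines do not show that, and the commit message should say so explicitly.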