
[v2,3/4] usb: mtu3: fix list_head check warning

Message ID 20211218095749.6250-3-chunfeng.yun@mediatek.com
State Accepted
Commit 8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf
Series [v2,1/4] usb: mtu3: fix interval value for intr and isoc

Commit Message

Chunfeng Yun Dec. 18, 2021, 9:57 a.m. UTC
This is caused by uninitialization of list_head.

BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4

Call trace:
dump_backtrace+0x0/0x298
show_stack+0x24/0x34
dump_stack+0x130/0x1a8
print_address_description+0x88/0x56c
__kasan_report+0x1b8/0x2a0
kasan_report+0x14/0x20
__asan_load8+0x9c/0xa0
__list_del_entry_valid+0x34/0xe4
mtu3_req_complete+0x4c/0x300 [mtu3]
mtu3_gadget_stop+0x168/0x448 [mtu3]
usb_gadget_unregister_driver+0x204/0x3a0
unregister_gadget_item+0x44/0xa4

Fixes: 83374e035b62 ("usb: mtu3: add tracepoints to help debug")
Cc: stable@vger.kernel.org
Reported-by: Yuwen Ng <yuwen.ng@mediatek.com>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
---
v2: add Fixes and Cc suggested by Greg
---
 drivers/usb/mtu3/mtu3_gadget.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Sergey Shtylyov Dec. 19, 2021, 10:14 a.m. UTC | #1
On 18.12.2021 12:57, Chunfeng Yun wrote:

> This is caused by uninitialization of list_head.

    Again, there's no such word as "uninitialization" (even if it existed, it 
wouldn't mean what you wanted to say); please replace by "not initializing".

> BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4
> 
> Call trace:
> dump_backtrace+0x0/0x298
> show_stack+0x24/0x34
> dump_stack+0x130/0x1a8
> print_address_description+0x88/0x56c
> __kasan_report+0x1b8/0x2a0
> kasan_report+0x14/0x20
> __asan_load8+0x9c/0xa0
> __list_del_entry_valid+0x34/0xe4
> mtu3_req_complete+0x4c/0x300 [mtu3]
> mtu3_gadget_stop+0x168/0x448 [mtu3]
> usb_gadget_unregister_driver+0x204/0x3a0
> unregister_gadget_item+0x44/0xa4
> 
> Fixes: 83374e035b62 ("usb: mtu3: add tracepoints to help debug")
> Cc: stable@vger.kernel.org
> Reported-by: Yuwen Ng <yuwen.ng@mediatek.com>
> Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
[...]

MBR, Sergey
Greg KH Dec. 19, 2021, 10:40 a.m. UTC | #2
On Sun, Dec 19, 2021 at 01:14:25PM +0300, Sergei Shtylyov wrote:
> On 18.12.2021 12:57, Chunfeng Yun wrote:
> 
> > This is caused by uninitialization of list_head.
> 
>    Again, there's no such word as "uninitialization" (even if it existed, it
> wouldn't mean what you wanted to say); please replace by "not initializing".

We are not English language scholars, most of us do not have English as
their native language.  We all can understand what is being said here,
there's no need for any change, please do not be so critical.

thanks,

greg k-h
Sergey Shtylyov Dec. 19, 2021, 11 a.m. UTC | #3
On 19.12.2021 13:40, Greg Kroah-Hartman wrote:
[...]

>>> This is caused by uninitialization of list_head.
>>
>>     Again, there's no such word as "uninitialization" (even if it existed, it
>> wouldn't mean what you wanted to say); please replace by "not initializing".
> 
> We are not English language scholars, most of us do not have English as
> their native language.  We all can understand what is being said here,
> there's no need for any change, please do not be so critical.

    OK, noted...
    I was just somewhat upset that my 1st comment was ignored. :-/

> thanks,
> 
> greg k-h

MBR, Sergey
Chunfeng Yun Dec. 21, 2021, 6:16 a.m. UTC | #4
On Sun, 2021-12-19 at 14:00 +0300, Sergei Shtylyov wrote:
> On 19.12.2021 13:40, Greg Kroah-Hartman wrote:
> [...]
> 
> > > > This is caused by uninitialization of list_head.
> > > 
> > >     Again, there's no such word as "uninitialization" (even if it
> > > existed, it
> > > wouldn't mean what you wanted to say); please replace by "not
> > > initializing".
> > 
> > We are not English language scholars, most of us do not have
> > English as
> > their native language.  We all can understand what is being said
> > here,
> > there's no need for any change, please do not be so critical.
> 
>     OK, noted...
>     I was just somewhat upset that my 1st comment was ignored. :-/
Very sorry, I planned to fix it, but forgot it;

Please feel free to point out my mistakes;

Thanks a lot

> 
> > thanks,
> > 
> > greg k-h
> 
> MBR, Sergey

Patch

diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c
index c51be015345b..b6c8a4a99c4d 100644
--- a/drivers/usb/mtu3/mtu3_gadget.c
+++ b/drivers/usb/mtu3/mtu3_gadget.c
@@ -235,6 +235,7 @@  struct usb_request *mtu3_alloc_request(struct usb_ep *ep, gfp_t gfp_flags)
 	mreq->request.dma = DMA_ADDR_INVALID;
 	mreq->epnum = mep->epnum;
 	mreq->mep = mep;
+	INIT_LIST_HEAD(&mreq->list);
 	trace_mtu3_alloc_request(mreq);
 
 	return &mreq->request;
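Review bot: The changelog should say how a request whose ->list was never linked into an endpoint queue ends up in mtu3_req_complete(); the KASAN trace shows __list_del_entry_valid() reached from mtu3_gadget_stop(), but neither the trace nor this hunk explains why the commit named in the Fixes: tag (the tracepoints change) made that path reachable, and stable maintainers backporting the one-line INIT_LIST_HEAD(&mreq->list) in mtu3_alloc_request() will want that reasoning. Initializing at allocation is the right place to make list_del() safe on a never-queued request, but as a defensive follow-up it is worth checking whether the completion path should use list_del_init() so that the same request being completed twice also stays harmless rather than leaving stale prev/next pointers behind.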