From patchwork Tue Aug 20 14:34:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?6IOh6L+e5Yuk?= X-Patchwork-Id: 13770255 Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01on2062.outbound.protection.outlook.com [40.107.255.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D99819149F; Tue, 20 Aug 2024 14:35:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.255.62 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724164506; cv=fail; b=CgJuYT9NhNb7PCf7ExRSVI8lIJiSzZcXk6AUl9jJBESvRnUBKG6erxWAnIS7vNBldBRU1Tg3nrXjxJj8DhqSK2UgdN+s9HiQkxFAvDcD3wQo0/OhGOtx/4pSbaRsf3af03uOmRLRzHDtd61wCYkPCTM7tuWkQzcsJcCFSDF6Dmg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724164506; c=relaxed/simple; bh=cZMTjvcfHcJHOdXo0sjrC+puMBdnhM2okBgxTJb72Do=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; b=j20zjorVuGZ5y+9PUBpUHpUILU9noM5enfozCijkkVrf/2Dds1uQHVB7mWR9VqxfNSBcexjeT/yzbdEfFRVLWbeQzItb419X3RXLU8ECWjRwuY1ZFSzQVQuuvD3EwjBHe3TMBGQrQX6EovSRs0Z9c14TaMni6McRkw3GIGa6ngY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com; spf=pass smtp.mailfrom=vivo.com; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b=qmrnjvNj; arc=fail smtp.client-ip=40.107.255.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=vivo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b="qmrnjvNj" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JttmQgHQ7bIpvxNANVtn5/6o6gRPZw1XREEXMDGmGMDlxcUUycMPdpA7sCa6o+5V2um6J2YuWGmSo3aDE7GC/6ux/f8he31KMGn9CfxTGBibu1VCh6RqWAPIzwMjuI1Y/hMLrYd+PRGIzD3GIbf7kx/UrKLAW8RIaVxYHqaKVE1tLYqdb9aLMnN75DPQzTuD0VD6jBAsJhx0smFZaxT/Z2NlEkj13Y32jcdE3/qrLflRpeg3UMbXwxtOeO/PpKFjdSoH/KHpC1wDKt9fHSj131Dj+26cAE8Nmt/M/CLk/zE0nJDL0E5g8q1WEX6De8dYcMiNR6t0BZt0yWdOEFkERA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cZMTjvcfHcJHOdXo0sjrC+puMBdnhM2okBgxTJb72Do=; b=HV6j+JMUXHMB/lc+otcJnfrudfCBMm0vPLOgNdGoyLApy/AfMdiCCc/paAf+829ye7wk0wrKV/B5rgA6cf5lB6Cfq7PaX+9CX8/4DwZx0xlk9sBUZZfTgaunYeeExRy35boN7PpSEoA/uAtDPYjHToY12ovOA8yqfPU0ENiq8qDQ4DQFLephrKlOw0hxC7hdhon0roZG7bh5qyoSjggvyxRwZaHnL8pUg4Fyml3iw+F1xlVEE8KTwg0rEj58nw7McyB/0biYLN20yfv0ENr537DATWZw0LkqCEz4oYvt/Th1rJSkLmsx7B7mpESmIgq4uii/oCV/V9qEPtSorLkYoA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vivo.com; dmarc=pass action=none header.from=vivo.com; dkim=pass header.d=vivo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vivo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cZMTjvcfHcJHOdXo0sjrC+puMBdnhM2okBgxTJb72Do=; b=qmrnjvNjr0YiSkXhkjjZNjXK2H9OVGFRR3zqw1EmMKkHd4WvViNZ0pkmLXF8c+k3ugAy8eAwh1QVupTTY7L6cJiKm0q0rHWUOpu9B3EUvBv5VxkmMOS9M2KCKxAd81qGu5slxlLCk5uzH+TB0yOlFBMBNcDKuc4V/M0v2VBNb2MirJy95tn1m7MhCtD4IWSZ9EYMbd0BxqY26d9RNJy5ijJO3qJceRc0IFgHRBJt7SdbckI+42Pp9CDWAmcBWlewOcT+oBKQOZSCjKnaMQiXCY72xzT8FnJ67Zh+AhfL9jjFXKszN9N0vhHtF0qPZ44T/7NFqJYXEC52qLbTSlF6sg== Received: from TYUPR06MB6217.apcprd06.prod.outlook.com (2603:1096:400:358::7) by SEYPR06MB6932.apcprd06.prod.outlook.com (2603:1096:101:1da::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.20; Tue, 20 Aug 2024 14:34:56 +0000 Received: from TYUPR06MB6217.apcprd06.prod.outlook.com ([fe80::c18d:f7c6:7590:64fe]) by TYUPR06MB6217.apcprd06.prod.outlook.com ([fe80::c18d:f7c6:7590:64fe%4]) with mapi id 15.20.7875.019; Tue, 20 Aug 2024 14:34:56 +0000 From: =?utf-8?b?6IOh6L+e5Yuk?= To: "gregkh@linuxfoundation.org" , "quic_prashk@quicinc.com" CC: "quic_prashk@quicinc.com" , "quic_jjohnson@quicinc.com" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , opensource.kernel , "akpm@linux-foundation.org" , Michael Nazzareno Trimarchi Subject: [PATCH v3] usb: gadget: u_serial: check Null pointer in EP callback Thread-Topic: [PATCH v3] usb: gadget: u_serial: check Null pointer in EP callback Thread-Index: AdrzDKh8N5M3/u4TSCCS0RPgLRR/KQ== Date: Tue, 20 Aug 2024 14:34:56 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vivo.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: TYUPR06MB6217:EE_|SEYPR06MB6932:EE_ x-ms-office365-filtering-correlation-id: 19126159-a8e2-46eb-2877-08dcc1254341 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018; x-microsoft-antispam-message-info: =?utf-8?q?ci22hQAoV16+BZ1gLkMyerp7wX8qDtC?= =?utf-8?q?jdfb6TXm0eyuETX2YCRH3JPCjuTs+vgZIdwNU42LBCrPcs+afl6JLWW59YCbBjFVW?= =?utf-8?q?61nHGHLHZeeQujp3Bub0HiaMG0LDytbv8ByWuYMqu6WywS3FPDBsTDW/JXvVZf9bh?= =?utf-8?q?aSdxnmHqou77agmia9j4i+k/X37THERc7TazzKA45+TLeL7yYbuDulkuLYulZvXBm?= =?utf-8?q?0c3BplVqPGmsgV0J/Z1G2J+Q1iqsrvvxiwGWGuK34gdnojwFOeODRl1uh7C4skPUc?= =?utf-8?q?IyYDjmmhIKO313qfO6W+KyEpNVAQNyafbdJxVwsIQt/CGEBrBOow1cg2GhXvIP2Km?= =?utf-8?q?CRhYkz3wz4ZcHmfBEz5W+mNXSNOwCG0vNfVWgOh/nKd/SSnZg8LN+yabTNGqaKCXI?= =?utf-8?q?qCCKCgMLkMNic8wbkDQlyhemjeBbrXAtbzSHQrupLTI/5PJT9xfNRyXSmULwy7YOM?= =?utf-8?q?H+dqzJ28f39Qq6Vn3eFl+zwpq2HW0N5/ClpjMghSmWbhmiMv0Z/O235zC8zJPkOpX?= =?utf-8?q?hb9d0bba1MSh2AUkjLnfcWyejsXBeZLeU1ua9dNLeehCoBl3d34UlFy3d/ZfTWUAN?= =?utf-8?q?+DDoNiq4+HtZMyAQiQnX6WlWFte4CFC7Nnx3Kyd+OXcj2xJNC8/LPGPtDTtO2YMq3?= =?utf-8?q?MR4Yb5YNjxIGtPgRVPnpi3QKWFXVXQMP+WLSTVfOTjANPMKhGc1UqDS+T2w2GUlC4?= =?utf-8?q?V0l712GcSgWVxW99/machvbpv80LWfSwpXPZzaf5+0u8ATHU03Cyc+8aYOjAMxxqE?= =?utf-8?q?DOiN+vvKxUThLrZiSPWEno2GdonqVglF0GvzFzoO6kImOovy+TE6DoSz7eWUtTBAL?= =?utf-8?q?SsWxXrLdwuEm8JrwBeWNZpIHHWO0R4VlOahcCDh8QhLRO9aVia4/KSwF8wgUCoQqk?= =?utf-8?q?7wX/rNlVaJe2OCpuaIWFqPoukyGw22zufxnIVxxW1KB8OFxElp5wYa9ENb5BcytU8?= =?utf-8?q?7s36rsu4FFFyBB/NYMch4BeEqPy1TN+OHiXaIgAUdbcMHdHovA0jjpuOyUy/kn3qd?= =?utf-8?q?pI2EZz6e5rTdWfEgbJMznNxBenxcgJEqd6F6ytlO40A5XGazRukvvqS5IXZtDWvDP?= =?utf-8?q?KnReBPEVOzMRVfGz3DV2tUgNn2UCKR16UJzBuSzWD3oqypRG5llq+diAanUvjtQ4p?= =?utf-8?q?CTSDfu4CUhLptLKLjb7esLE7fS0lI3EWCCK0mTTDRytHt9NAwRbWSUBVLalGqKclU?= =?utf-8?q?jynQY49N3IF4d3tnfvmHdE8yNZrsapTNBViwDEwpfOpE/Nu2zttDfdXK+ORVxRNGZ?= =?utf-8?q?2uIg2CYu6OCnU3fHjgGeMNZtM50ZDJeYCkbSXpvRCC3XJysXN17zzgy9OGIousID6?= =?utf-8?q?DzZQIGhfp4X6GSRmOqRG83sKgAL7CLXAuA=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:zh-cn;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TYUPR06MB6217.apcprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?netWxN4irR0SleVnCUkKtgmLKV8e?= =?utf-8?q?T8enUuuESncFNfelvSG6wTnJyxFoAxBoYnUSGCUrgD+rjaUwk73W+AlpAFrfNw5WF?= =?utf-8?q?cg5DZY/APYdKLUOxLjhaI4by6uJCYFIg3Y65g+SBIKdVB3wtOALEdfwzxTDrnEn+3?= =?utf-8?q?Xav32tmYWlwkJXfWDD0zbpS/0in+8A+yJ5c/H1O0gDNaXcaQ6JfxxOSmkBDPd3RwH?= =?utf-8?q?fXOWcmtl5m8PMa/TACCeFZ5WBnnNZs3S4G2yBwiev/vDP76qG4u3i5pZvycWY/g7b?= =?utf-8?q?SRwHGU769Le1E6LsdQf1OI2p+GHPbhq3HCKtInLljtuHpa9ST3/MuCPIpLJD9uwoK?= =?utf-8?q?TmyUHUX/xmt3UqTQwHbmDW6x+/q3WjtReW6tSqr/EGSvzbpyG+2kbwOAdzwxiQTRP?= =?utf-8?q?GykP0mICHQFgh5uRbJ3pha9CHbdbk3mYhxjBR/FNk1H5KbKzhJVORbDO76OSqwQTi?= =?utf-8?q?tAQ9SPh7ffWCxyzqk8Xl9kZ4b8tZ++FklizFSKU7mbUDTO2yJmgQ8If5ReH8SRudL?= =?utf-8?q?0oAUHnEK0OVQzA2CImzrBGR35sKsKdQb8yZGbA9MuS6f+tKsy6D9mLMr15qd8dZk8?= =?utf-8?q?fucmrrx7VsSEwSgjxUHibtNEZylSubWodrefOZ1nDOskn+o0DH0Jia7PJgjefZf2Q?= =?utf-8?q?hUQgxFmLXsSX9WOQhjAyBR/jeg58lk/glQOOmHvujC6B9iLHkNvnH8QzygZ0NCSgK?= =?utf-8?q?bO7EjBG0MnJmA5ksizeAfrIJ9MxHalXKDJVzqGt+jj72cv1fIxQF3CLZUnFMQl9zS?= =?utf-8?q?OZoVMfkkO1fzIbFJG0uvFD36qSjQQbBV95gGi7182SmfxsESfrMQCzfSX7kOMwygQ?= =?utf-8?q?BjPZFwBnaKpUOdygdHhejYx/Z3Ir7f+qsEQojWQnZyrT9WN6HnhD02tT5Vce04J3b?= =?utf-8?q?hGk3/PW0r17vti4Ppco4XikLCrdfPglg9joJIxsYEXhVw55f0AxviEb1ottsro1FE?= =?utf-8?q?CVJvwMQxmr2Z42pC8Ebk8wltFKyQvajhyjDNlsruz9tMj15TODQLXuCp3KVhwG8Wj?= =?utf-8?q?YzDhUd/gZslJIotsvERVz0DfxU3rt3hCBW8KZlHo+gjahM8FeSq2j5mOvIwuKR2Vj?= =?utf-8?q?N5fMpsap3ZTO9hGTAu7772ND6onD0ta9ihrlyu/J1QWHv+tO1H4wiemMf6zgS+e24?= =?utf-8?q?+Aux3nRzWEDpET7Jajq1SU3/z6MKJa/xSDCEgHaFUaolVMGYmDuzR2/kcxc+CK/wA?= =?utf-8?q?SujA1S1RF9VSSqTWq548w3fAYL3qypKqzAlnZ4mR8w5EWjWu/vlxQHUnsFNqghde4?= =?utf-8?q?BzI2NOpJSSAk0EAGL+aByCvR+/DEbcWbDKKsRnU6ZZXmMNlZtnqMiO3frZzudumJj?= =?utf-8?q?YpzNhHExdcg5cIv7KXLXewM7vl6xdO0r7thnqWVFwpIXzrk+VdNgx5gaP4IHBmcU6?= =?utf-8?q?+Tr5wewQiKucnAXtTL6D0SPOEdCQZUGu35nQyKFDKLA64/PkNsB97gac6c0MP/PzF?= =?utf-8?q?HknmBZ2uoJkXx+XIzUcFoSp8vI6weFNt5j1othi7uE2FFVnc1uO+x+zU=3D?= Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-OriginatorOrg: vivo.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: TYUPR06MB6217.apcprd06.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 19126159-a8e2-46eb-2877-08dcc1254341 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Aug 2024 14:34:56.5649 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 923e42dc-48d5-4cbe-b582-1a797a6412ed X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: CT6/X7hiIn+q32Zl4PYcu6gBwcGanQRWivGdc3IsbtnCDKOPqp4GjFc2EiYPBZFJp+DLmUodd5yfkeYU0k+lCQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEYPR06MB6932 From: Lianqin Hu Added null pointer check to avoid system crash. Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a8 pc : gs_read_complete+0x58/0x240 lr : usb_gadget_giveback_request+0x40/0x160 sp : ffffffc00f1539c0 x29: ffffffc00f1539c0 x28: ffffff8002a30000 x27: 0000000000000000 x26: ffffff8002a30000 x25: 0000000000000000 x24: ffffff8002a30000 x23: ffffff8002ff9a70 x22: ffffff898e7a7b00 x21: ffffff803c9af9d8 x20: ffffff898e7a7b00 x19: 00000000000001a8 x18: ffffffc0099fd098 x17: 0000000000001000 x16: 0000000080000000 x15: 0000000ac1200000 x14: 0000000000000003 x13: 000000000000d5e8 x12: 0000000355c314ac x11: 0000000000000015 x10: 0000000000000012 x9 : 0000000000000008 x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffff887cd12000 x5 : 0000000000000002 x4 : ffffffc00f9b07f0 x3 : ffffffc00f1538d0 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000001a8 Call trace: gs_read_complete+0x58/0x240 usb_gadget_giveback_request+0x40/0x160 dwc3_remove_requests+0x170/0x484 dwc3_ep0_out_start+0xb0/0x1d4 __dwc3_gadget_start+0x25c/0x720 kretprobe_trampoline.cfi_jt+0x0/0x8 kretprobe_trampoline.cfi_jt+0x0/0x8 udc_bind_to_driver+0x1d8/0x300 usb_gadget_probe_driver+0xa8/0x1dc gadget_dev_desc_UDC_store+0x13c/0x188 configfs_write_iter+0x160/0x1f4 vfs_write+0x2d0/0x40c ksys_write+0x7c/0xf0 __arm64_sys_write+0x20/0x30 invoke_syscall+0x60/0x150 el0_svc_common+0x8c/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec el0t_64_sync+0x1b4/0x1b8 Code: aa1f03e1 aa1303e0 52800022 2a0103e8 (88e87e62) ---[ end trace 938847327a739172 ]--- Kernel panic - not syncing: Oops: Fatal exception Signed-off-by: Lianqin Hu --- v3: - Add serial_port_lock protection when checking port pointer - Optimize code comments - Delete log printing --- drivers/usb/gadget/function/u_serial.c | 33 ++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index b394105e55d6..e43d8065f7ec 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -452,20 +452,43 @@ static void gs_rx_push(struct work_struct *work) static void gs_read_complete(struct usb_ep *ep, struct usb_request *req) { - struct gs_port *port = ep->driver_data; + struct gs_port *port; + unsigned long flags; + + spin_lock_irqsave(&serial_port_lock, flags); + port = ep->driver_data; + + /* When port is NULL, return to avoid panic. */ + if (!port) { + spin_unlock_irqrestore(&serial_port_lock, flags); + return; + } - /* Queue all received data until the tty layer is ready for it. */ spin_lock(&port->port_lock); + spin_unlock(&serial_port_lock); + + /* Queue all received data until the tty layer is ready for it. */ list_add_tail(&req->list, &port->read_queue); schedule_delayed_work(&port->push, 0); - spin_unlock(&port->port_lock); + spin_unlock_irqrestore(&port->port_lock, flags); } static void gs_write_complete(struct usb_ep *ep, struct usb_request *req) { - struct gs_port *port = ep->driver_data; + struct gs_port *port; + unsigned long flags; + + spin_lock_irqsave(&serial_port_lock, flags); + port = ep->driver_data; + + /* When port is NULL, return to avoid panic. */ + if (!port) { + spin_unlock_irqrestore(&serial_port_lock, flags); + return; + } spin_lock(&port->port_lock); + spin_unlock(&serial_port_lock); list_add(&req->list, &port->write_pool); port->write_started--; @@ -486,7 +509,7 @@ static void gs_write_complete(struct usb_ep *ep, struct usb_request *req) break; } - spin_unlock(&port->port_lock); + spin_unlock_irqrestore(&port->port_lock, flags); } static void gs_free_requests(struct usb_ep *ep, struct list_head *head,