raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-07 02:19:54 +00:00
Code Issues Projects Releases Wiki Activity
Files
c4097c64d03afaf1212a76729b6758f662e901b1
linux/drivers/usb/host
History
Zhengjun Xing 716382f1c1 xhci: Fix kernel oops in trace_xhci_free_virt_device 
commit d850c16583 upstream.

commit 44a182b9d1 ("xhci: Fix use-after-free in xhci_free_virt_device")
set dev->udev pointer to NULL in xhci_free_dev(), it will cause kernel
panic in trace_xhci_free_virt_device. This patch reimplement the trace
function trace_xhci_free_virt_device, remove dev->udev dereference and
added more useful parameters to show in the trace function,it also makes
sure dev->udev is not NULL before calling trace_xhci_free_virt_device.
This issue happened when xhci-hcd trace is enabled and USB devices hot
plug test. Original use-after-free patch went to stable so this needs so
be applied there as well.

[ 1092.022457] usb 2-4: USB disconnect, device number 6
[ 1092.092772] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 1092.101694] PGD 0 P4D 0
[ 1092.104601] Oops: 0000 [#1] SMP
[ 1092.207734] Workqueue: usb_hub_wq hub_event
[ 1092.212507] RIP: 0010:trace_event_raw_event_xhci_log_virt_dev+0x6c/0xf0
[ 1092.220050] RSP: 0018:ffff8c252e883d28 EFLAGS: 00010086
[ 1092.226024] RAX: ffff8c24af86fa84 RBX: 0000000000000003 RCX: ffff8c25255c2a01
[ 1092.234130] RDX: 0000000000000000 RSI: 00000000aef55009 RDI: ffff8c252e883d28
[ 1092.242242] RBP: ffff8c252550e2c0 R08: ffff8c24af86fa84 R09: 0000000000000a70
[ 1092.250364] R10: 0000000000000a70 R11: 0000000000000000 R12: ffff8c251f21a000
[ 1092.258468] R13: 000000000000000c R14: ffff8c251f21a000 R15: ffff8c251f432f60
[ 1092.266572] FS:  0000000000000000(0000) GS:ffff8c252e880000(0000) knlGS:0000000000000000
[ 1092.275757] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1092.282281] CR2: 0000000000000000 CR3: 0000000154209001 CR4: 00000000003606e0
[ 1092.290384] Call Trace:
[ 1092.293156]  <IRQ>
[ 1092.295439]  xhci_free_virt_device.part.34+0x182/0x1a0
[ 1092.301288]  handle_cmd_completion+0x7ac/0xfa0
[ 1092.306336]  ? trace_event_raw_event_xhci_log_trb+0x6e/0xa0
[ 1092.312661]  xhci_irq+0x3e8/0x1f60
[ 1092.316524]  __handle_irq_event_percpu+0x75/0x180
[ 1092.321876]  handle_irq_event_percpu+0x20/0x50
[ 1092.326922]  handle_irq_event+0x36/0x60
[ 1092.331273]  handle_edge_irq+0x6d/0x180
[ 1092.335644]  handle_irq+0x16/0x20
[ 1092.339417]  do_IRQ+0x41/0xc0
[ 1092.342782]  common_interrupt+0xf/0xf
[ 1092.346955]  </IRQ>

Fixes: 44a182b9d1 ("xhci: Fix use-after-free in xhci_free_virt_device")
Cc: <stable@vger.kernel.org>
Signed-off-by: Zhengjun Xing <zhengjun.xing@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-08 15:30:47 +02:00
..
whci
USB: whci-hcd: constify hc_driver structures
2017-07-30 07:26:52 -07:00
bcma-hcd.c
USB: bcma: drop Northstar PHY 2.0 initialization code
2016-09-27 12:20:17 +02:00
ehci-atmel.c
usb: ehci-atmel: use __maybe_unused to hide pm functions
2016-03-03 20:37:41 -08:00
ehci-dbg.c
usb: host: fix incorrect updating of offset
2017-12-10 13:40:44 +01:00
ehci-exynos.c
usb: host: ehci-exynos: Handle return value of clk_prepare_enable
2017-06-13 10:48:24 +02:00
ehci-fsl.c
usb: host: make ehci_fsl_overrides const and __initconst
2017-08-31 18:08:46 +02:00
ehci-fsl.h
drivers: usb: fsl: Define usb control register mask for w1c bits
2015-07-22 16:44:35 -07:00
ehci-grlib.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-hcd.c
usb: host: Remove remaining pci_pool in comments
2017-03-16 18:03:31 +09:00
ehci-hub.c
usb: host: ehci: use correct device pointer for dma ops
2018-02-28 10:19:42 +01:00
ehci-mem.c
usb: ehci: use bus->sysdev for DMA configuration
2017-03-23 08:20:21 +01:00
ehci-msm.c
usb: host: ehci-msm: Conditionally call ehci suspend/resume
2016-06-07 22:15:25 -07:00
ehci-mv.c
host: ehci-mv: remove duplicate check on resource
2014-11-07 09:01:50 -08:00
ehci-mxc.c
host: ehci-mxc: remove duplicate check on resource
2014-11-07 09:01:50 -08:00
ehci-omap.c
usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
2017-08-10 11:36:50 -07:00
ehci-orion.c
usb: orion-ehci: Add support for the Armada 3700
2017-03-17 13:32:59 +09:00
ehci-pci.c
USB: EHCI: merge all cases that disable the IO watchdog
2016-10-24 14:36:25 +02:00
ehci-platform.c
USB: ehci-platform: fix companion-device leak
2017-05-17 11:52:44 +02:00
ehci-pmcmsp.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-ppc-of.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-ps3.c
ehci-q.c
usb: host: ehci: remove unnecessary max_packet() macro
2016-11-03 10:38:24 +02:00
ehci-sched.c
usb: host: remove unnecessary null check
2017-05-17 12:20:53 +02:00
ehci-sh.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-spear.c
usb/host/: const data must use __initconst not __initdata
2016-04-28 12:35:36 -07:00
ehci-st.c
usb: host: ehci-st: Inform the reset framework that our reset line may be shared
2016-06-30 07:44:21 +01:00
ehci-sysfs.c
usb: host: ehci-sys: delete useless bus_to_hcd conversion
2015-08-18 10:05:23 -07:00
ehci-tegra.c
usb: host: ehci-tegra: Avoid getting the same reset twice
2016-06-07 22:15:25 -07:00
ehci-tilegx.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci-timer.c
usb: Make use of ktime_* comparison functions
2017-06-03 18:08:04 +09:00
ehci-w90x900.c
USB: EHCI: ehci-w90x900: remove unuseful functions
2016-11-29 17:36:43 +01:00
ehci-xilinx-of.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ehci.h
fsl/usb: Workarourd for USB erratum-A005697
2016-12-05 15:13:58 +01:00
fhci-dbg.c
fhci-hcd.c
usb: host: fhci-hcd: don't print on ENOMEM
2016-08-30 19:17:37 +02:00
fhci-hub.c
QE: Move QE from arch/powerpc to drivers/soc
2015-12-22 17:12:56 -06:00
fhci-mem.c
fhci-q.c
fhci-sched.c
USB: FHCI: avoid redundant condition
2016-05-09 13:08:46 +02:00
fhci-tds.c
usb: whci: fhci: remove comparison to bool
2015-12-04 08:25:58 -08:00
fhci.h
QE: Move QE from arch/powerpc to drivers/soc
2015-12-22 17:12:56 -06:00
fotg210-hcd.c
usb: Make use of ktime_* comparison functions
2017-06-03 18:08:04 +09:00
fotg210.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fsl-mph-dr-of.c
usb: Convert to using %pOF instead of full_name
2017-07-22 15:56:53 +02:00
hwa-hc.c
usb: hwa-hc: constify usb_device_id
2017-08-10 11:31:26 -07:00
imx21-dbg.c
imx21-hcd.c
usb: imx21-hcd: make imx21_hc_driver const
2017-08-31 18:08:46 +02:00
imx21-hcd.h
isp116x-hcd.c
isp116x-hcd: constify hc_driver structures
2017-07-30 07:26:52 -07:00
isp116x.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
isp1362-hcd.c
isp1362-hcd: constify hc_driver structures
2017-07-30 07:26:51 -07:00
isp1362.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
Kconfig
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
2018-02-22 15:42:31 +01:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
max3421-hcd.c
usb: host: max3421-hcd: constify hc_driver structures
2017-07-30 07:26:51 -07:00
ohci-at91.c
usb: ohci-at91: Do not drop unhandled USB suspend control requests
2017-03-09 10:22:08 +01:00
ohci-da8xx.c
USB: ohci: da8xx: Resume the entire host controller
2016-11-29 17:31:36 +01:00
ohci-dbg.c
USB: ohci-dbg.c: move assignment out of if () block
2015-05-10 16:01:11 +02:00
ohci-exynos.c
usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths
2017-01-10 17:00:42 +01:00
ohci-hcd.c
USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
2018-05-25 16:17:38 +02:00
ohci-hub.c
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
2018-02-28 10:19:41 +01:00
ohci-mem.c
USB: OHCI: use dma_pool_zalloc
2016-11-21 17:33:40 +01:00
ohci-nxp.c
USB: OHCI: nxp: fix code warnings
2016-12-08 17:50:09 +01:00
ohci-omap.c
mfd: tps65010: Move header file out of I2C realm
2017-08-15 08:27:22 +01:00
ohci-pci.c
ohci-pci: add qemu quirk
2017-03-23 08:13:21 +01:00
ohci-platform.c
usb: host: ohci-platform: Add support for omap3 and later
2017-06-03 18:08:04 +09:00
ohci-ppc-of.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ohci-ps3.c
ohci-pxa27x.c
usb: host: ohci-pxa27x: Handle return value of clk_prepare_enable
2017-06-29 14:49:06 +02:00
ohci-q.c
usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
2018-02-28 10:19:42 +01:00
ohci-s3c2410.c
USB: OHCI: ohci-s3c2410: remove useless functions
2016-12-05 16:32:51 +01:00
ohci-sa1111.c
usb: ohci-sa1111: remove mach/hardware.h include
2016-08-30 19:24:59 +02:00
ohci-sm501.c
dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags
2017-09-01 11:59:17 +02:00
ohci-spear.c
usb: host: ohci-spear: Fix module autoload for OF platform driver
2015-10-04 10:51:58 +01:00
ohci-st.c
usb: host: ohci-st: Inform the reset framework that our reset line may be shared
2016-06-30 07:44:20 +01:00
ohci-tilegx.c
usb: host: drop owner assignment from platform_drivers
2015-01-09 12:31:53 -08:00
ohci-tmio.c
dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags
2017-09-01 11:59:17 +02:00
ohci.h
ohci-pci: add qemu quirk
2017-03-23 08:13:21 +01:00
oxu210hp-hcd.c
usb: host: Remove remaining pci_pool in comments
2017-03-16 18:03:31 +09:00
oxu210hp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
pci-quirks.c
xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-30 07:51:56 +02:00
pci-quirks.h
xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-30 07:51:56 +02:00
r8a66597-hcd.c
usb: r8a66597-hcd: constify hc_driver structures
2017-07-30 07:26:51 -07:00
r8a66597.h
sl811_cs.c
sl811-hcd.c
usb: host/sl811-hcd: constify hc_driver structures
2017-07-30 07:26:51 -07:00
sl811.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ssb-hcd.c
USB: ssb: use devm_kzalloc
2015-06-08 14:26:22 -07:00
u132-hcd.c
usb: host: u132-hcd: constify hc_driver structures
2017-07-30 07:26:52 -07:00
uhci-debug.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-grlib.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-hcd.c
usb/uhci: Add support for Aspeed BMC SoCs
2017-05-25 14:30:13 +02:00
uhci-hcd.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-hub.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-pci.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-platform.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
uhci-q.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xhci-dbg.c
usb: xhci: remove xhci_dbg_ctx()
2017-04-08 12:17:42 +02:00
xhci-ext-caps.h
usb: host: xhci: remove unneded semicolon
2017-01-25 10:59:06 +01:00
xhci-hub.c
xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-30 07:51:56 +02:00
xhci-mem.c
xhci: Fix kernel oops in trace_xhci_free_virt_device
2018-07-08 15:30:47 +02:00
xhci-mtk-sch.c
usb: host: xhci: purge GET_MAX_PACKET()
2016-11-03 10:38:22 +02:00
xhci-mtk.c
usb: xhci-mtk: add generic compatible string
2017-08-31 18:08:46 +02:00
xhci-mtk.h
usb: xhci-mtk: add reference clock
2017-01-19 10:37:16 +01:00
xhci-mvebu.c
usb: host: xhci: plat: change type of mvebu init_quirk()
2016-04-26 16:08:02 -07:00
xhci-mvebu.h
usb: host: xhci: plat: change type of mvebu init_quirk()
2016-04-26 16:08:02 -07:00
xhci-pci.c
xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-30 07:51:56 +02:00
xhci-plat.c
usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume timing"
2018-05-25 16:17:38 +02:00
xhci-plat.h
usb: host: xhci-plat: add resume_quirk()
2017-04-19 19:59:17 +02:00
xhci-rcar.c
usb: host: xhci-rcar: add support for r8a77965
2018-03-19 08:42:45 +01:00
xhci-rcar.h
usb: host: xhci-plat: set resume_quirk() for R-Car controllers
2017-04-19 19:59:17 +02:00
xhci-ring.c
usb: xhci: fix TDS for MTK xHCI1.1
2017-12-20 10:10:19 +01:00
xhci-tegra.c
usb: xhci: remove dummy extra_priv_size for size of xhci_hcd struct
2017-03-09 18:00:39 +01:00
xhci-trace.c
xhci: Export symbols used by host-controller drivers
2014-10-03 14:44:45 -07:00
xhci-trace.h
xhci: Fix kernel oops in trace_xhci_free_virt_device
2018-07-08 15:30:47 +02:00
xhci.c
xhci: Fix use-after-free in xhci_free_virt_device
2018-07-03 11:25:05 +02:00
xhci.h
xhci: workaround for AMD Promontory disabled ports wakeup
2018-05-30 07:51:56 +02:00