Message ID | 20231004062642.16431-1-wookwang.lee@samsung.com (mailing list archive) |
---|---|
State | Superseded |
Series | usb: core: add bos NULL pointer checking condition |
On Wed, Oct 04, 2023 at 03:26:42PM +0900, Woo-kwang Lee wrote:
> This issue occurs when connecting Galaxy S22 and abnormal SEC Dex Adapter.
> When the abnormal adapter is connected, kernel panic always occurs after a
> few seconds.
> This occurs due to unable to get BOS descriptor, usb_release_bos_descriptor
> set dev->bos = NULL.
>
> - usb_reset_and_verify_device
> - hub_port_init
> - usb_release_bos_descriptor
> - dev->bos = NULL;
>
> hub_port_connect_change() calls portspeed(), and portspeed() calls
> hub_is_superspeedplus().
> Finally, hub_is_superspeedplus() calls hdev->bos->ssp_cap.
> It needs to check hdev->bos is NULL to prevent a kernel panic.
>
> usb 3-1: new SuperSpeed Gen 1 USB device number 16 using xhci-hcd-exynos
> usb 3-1: unable to get BOS descriptor set
> usb 3-1: Product: USB3.0 Hub
> Unable to handle kernel NULL pointer dereference at virtual address 0000018
>
> Call trace:
> hub_port_connect_change+0x8c/0x538
> port_event+0x244/0x764
> hub_event+0x158/0x474
> process_one_work+0x204/0x550
> worker_thread+0x28c/0x580
> kthread+0x13c/0x178
> ret_from_fork+0x10/0x30
>
> - hub_port_connect_change
> - portspeed
> - hub_is_superspeedplus
>
> Fixes: 0cdd49a1d1a4 ("usb: Support USB 3.1 extended port status request")
> Signed-off-by: Woo-kwang Lee <wookwang.lee@samsung.com>
> ---
> drivers/usb/core/hub.h | 2 ++
> 1 file changed, 2 insertions(+)

Are you sure this isn't already fixed by commit f74a7afc224a ("usb: hub:
Guard against accesses to uninitialized BOS descriptors") in linux-next?

thanks,

greg k-h
Hello. I think I missed the patch.
Thank you for your quick feedback.

Woo-kwang Lee

> On Wed, Oct 04, 2023 at 03:26:42PM +0900, Woo-kwang Lee wrote:
> > This issue occurs when connecting Galaxy S22 and abnormal SEC Dex Adapter.
> > When the abnormal adapter is connected, kernel panic always occurs
> > after a few seconds.
> > This occurs due to unable to get BOS descriptor,
> > usb_release_bos_descriptor set dev->bos = NULL.
> >
> > - usb_reset_and_verify_device
> > - hub_port_init
> > - usb_release_bos_descriptor
> > - dev->bos = NULL;
> >
> > hub_port_connect_change() calls portspeed(), and portspeed() calls
> > hub_is_superspeedplus().
> > Finally, hub_is_superspeedplus() calls hdev->bos->ssp_cap.
> > It needs to check hdev->bos is NULL to prevent a kernel panic.
> >
> > usb 3-1: new SuperSpeed Gen 1 USB device number 16 using xhci-hcd-exynos
> > usb 3-1: unable to get BOS descriptor set
> > usb 3-1: Product: USB3.0 Hub
> > Unable to handle kernel NULL pointer dereference at virtual address 0000018
> >
> > Call trace:
> > hub_port_connect_change+0x8c/0x538
> > port_event+0x244/0x764
> > hub_event+0x158/0x474
> > process_one_work+0x204/0x550
> > worker_thread+0x28c/0x580
> > kthread+0x13c/0x178
> > ret_from_fork+0x10/0x30
> >
> > - hub_port_connect_change
> > - portspeed
> > - hub_is_superspeedplus
> >
> > Fixes: 0cdd49a1d1a4 ("usb: Support USB 3.1 extended port status request")
> > Signed-off-by: Woo-kwang Lee <wookwang.lee@samsung.com>
> > ---
> > drivers/usb/core/hub.h | 2 ++
> > 1 file changed, 2 insertions(+)
>
> Are you sure this isn't already fixed by commit f74a7afc224a ("usb: hub:
> Guard against accesses to uninitialized BOS descriptors") in linux-next?
>
> thanks,
>
> greg k-h
On Wed, Oct 04, 2023 at 04:06:17PM +0900, Woo-kwang Lee wrote:
> Hello. I think I missed the patch.
I do not understand, does that mean that you have tested the patch (and
which one, please do not top post), and that this is not needed?
confused,
greg k-h
Hello, Greg.
It means that this is not needed.
Commit id f74a7afc224a already has hub_is_superspeedplus modification.
I'm sorry for the confusion.
Thank you.

Woo-kwang Lee

> -----Original Message-----
> From: 'Greg KH' <gregkh@linuxfoundation.org>
> Sent: Wednesday, October 4, 2023 4:22 PM
> To: Woo-kwang Lee <wookwang.lee@samsung.com>
> Cc: linux-usb@vger.kernel.org; linux-kernel@vger.kernel.org;
> stable@vger.kernel.org; sj1557.seo@samsung.com
> Subject: Re: [PATCH] usb: core: add bos NULL pointer checking condition
>
> On Wed, Oct 04, 2023 at 04:06:17PM +0900, Woo-kwang Lee wrote:
> > Hello. I think I missed the patch.
>
> I do not understand, does that mean that you have tested the patch (and
> which one, please do not top post), and that this is not needed?
>
> confused,
> greg k-h
diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h index 73f4482d833a..cc0c994e19e5 100644 --- a/drivers/usb/core/hub.h +++ b/drivers/usb/core/hub.h @@ -139,6 +139,8 @@ static inline int hub_is_superspeed(struct usb_device *hdev) static inline int hub_is_superspeedplus(struct usb_device *hdev) { + if (!hdev->bos) + return 0; return (hdev->descriptor.bDeviceProtocol == USB_HUB_PR_SS && le16_to_cpu(hdev->descriptor.bcdUSB) >= 0x0310 && hdev->bos->ssp_cap);
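Review bot: The early `if (!hdev->bos) return 0;` at the top of hub_is_superspeedplus() guards only this one helper, while the changelog describes dev->bos being set to NULL on the reset path, so the changelog should say whether the other readers of hdev->bos were audited for the same window. Within the hunk, the test can be folded into the existing `&&` chain as `hdev->bos && hdev->bos->ssp_cap`, which keeps the function a single return expression and puts the pointer check next to the dereference it protects. The thread also points at commit f74a7afc224a as possibly covering the same dereference, so this should be rebased and retested against that commit before any resend.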
This issue occurs when connecting Galaxy S22 and abnormal SEC Dex Adapter.
When the abnormal adapter is connected, kernel panic always occurs after a
few seconds.
This occurs due to unable to get BOS descriptor, usb_release_bos_descriptor
set dev->bos = NULL.

- usb_reset_and_verify_device
- hub_port_init
- usb_release_bos_descriptor
- dev->bos = NULL;

hub_port_connect_change() calls portspeed(), and portspeed() calls
hub_is_superspeedplus().
Finally, hub_is_superspeedplus() calls hdev->bos->ssp_cap.
It needs to check hdev->bos is NULL to prevent a kernel panic.

usb 3-1: new SuperSpeed Gen 1 USB device number 16 using xhci-hcd-exynos
usb 3-1: unable to get BOS descriptor set
usb 3-1: Product: USB3.0 Hub
Unable to handle kernel NULL pointer dereference at virtual address 0000018

Call trace:
hub_port_connect_change+0x8c/0x538
port_event+0x244/0x764
hub_event+0x158/0x474
process_one_work+0x204/0x550
worker_thread+0x28c/0x580
kthread+0x13c/0x178
ret_from_fork+0x10/0x30

- hub_port_connect_change
- portspeed
- hub_is_superspeedplus

Fixes: 0cdd49a1d1a4 ("usb: Support USB 3.1 extended port status request")
Signed-off-by: Woo-kwang Lee <wookwang.lee@samsung.com>
---
 drivers/usb/core/hub.h | 2 ++
 1 file changed, 2 insertions(+)