| Message ID | 1457416681-7516-2-git-send-email-yoshihiro.shimoda.uh@renesas.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Geert Uytterhoeven |
| Headers | show |
Hi Yoshihiro, Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> writes: > [ text/plain ] > When unexpected situation happened (e.g. tx/rx irq happened while > DMAC is used), the usbhsf_pkt_handler() was possible to cause NULL > pointer dereference like the followings: > > Unable to handle kernel NULL pointer dereference at virtual address 00000000 > pgd = c0004000 > [00000000] *pgd=00000000 > Internal error: Oops: 80000007 [#1] SMP ARM > Modules linked in: usb_f_acm u_serial g_serial libcomposite > CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc6-00842-gac57066-dirty #63 > Hardware name: Generic R8A7790 (Flattened Device Tree) > task: c0729c00 ti: c0724000 task.ti: c0724000 > PC is at 0x0 > LR is at usbhsf_pkt_handler+0xac/0x118 > pc : [<00000000>] lr : [<c03257e0>] psr: 60000193 > sp : c0725db8 ip : 00000000 fp : c0725df4 > r10: 00000001 r9 : 00000193 r8 : ef3ccab4 > r7 : ef3cca10 r6 : eea4586c r5 : 00000000 r4 : ef19ceb4 > r3 : 00000000 r2 : 0000009c r1 : c0725dc4 r0 : ef19ceb4 > > This patch adds a condition to avoid the dereference. > > Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> is this a regression fix ? Do we need it in current -rc (it's getting late for that, actually), do we need a Cc: <stable> here ? Same questions are valid for the other patch in this series.
Hi Felipe, > Hi Yoshihiro, > > Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> writes: > > [ text/plain ] > > When unexpected situation happened (e.g. tx/rx irq happened while > > DMAC is used), the usbhsf_pkt_handler() was possible to cause NULL > > pointer dereference like the followings: > > > > Unable to handle kernel NULL pointer dereference at virtual address 00000000 > > pgd = c0004000 > > [00000000] *pgd=00000000 > > Internal error: Oops: 80000007 [#1] SMP ARM > > Modules linked in: usb_f_acm u_serial g_serial libcomposite > > CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc6-00842-gac57066-dirty #63 > > Hardware name: Generic R8A7790 (Flattened Device Tree) > > task: c0729c00 ti: c0724000 task.ti: c0724000 > > PC is at 0x0 > > LR is at usbhsf_pkt_handler+0xac/0x118 > > pc : [<00000000>] lr : [<c03257e0>] psr: 60000193 > > sp : c0725db8 ip : 00000000 fp : c0725df4 > > r10: 00000001 r9 : 00000193 r8 : ef3ccab4 > > r7 : ef3cca10 r6 : eea4586c r5 : 00000000 r4 : ef19ceb4 > > r3 : 00000000 r2 : 0000009c r1 : c0725dc4 r0 : ef19ceb4 > > > > This patch adds a condition to avoid the dereference. > > > > Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> > > is this a regression fix ? Do we need it in current -rc (it's getting > late for that, actually), do we need a Cc: <stable> here ? > > Same questions are valid for the other patch in this series. Thank you for the review. This is a potential problem fix. This issue is possible to cause the first DMA supporting (e73a989 usb: renesas_usbhs: add DMAEngine support) at 2011, I think. We don't need in current -rc because I also think this is too late for it. I'm not sure we need a CC here. Best regards, Yoshihiro Shimoda > -- > balbi
Hi, Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> writes: >> Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> writes: >> > [ text/plain ] >> > When unexpected situation happened (e.g. tx/rx irq happened while >> > DMAC is used), the usbhsf_pkt_handler() was possible to cause NULL >> > pointer dereference like the followings: >> > >> > Unable to handle kernel NULL pointer dereference at virtual address 00000000 >> > pgd = c0004000 >> > [00000000] *pgd=00000000 >> > Internal error: Oops: 80000007 [#1] SMP ARM >> > Modules linked in: usb_f_acm u_serial g_serial libcomposite >> > CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc6-00842-gac57066-dirty #63 >> > Hardware name: Generic R8A7790 (Flattened Device Tree) >> > task: c0729c00 ti: c0724000 task.ti: c0724000 >> > PC is at 0x0 >> > LR is at usbhsf_pkt_handler+0xac/0x118 >> > pc : [<00000000>] lr : [<c03257e0>] psr: 60000193 >> > sp : c0725db8 ip : 00000000 fp : c0725df4 >> > r10: 00000001 r9 : 00000193 r8 : ef3ccab4 >> > r7 : ef3cca10 r6 : eea4586c r5 : 00000000 r4 : ef19ceb4 >> > r3 : 00000000 r2 : 0000009c r1 : c0725dc4 r0 : ef19ceb4 >> > >> > This patch adds a condition to avoid the dereference. >> > >> > Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> >> >> is this a regression fix ? Do we need it in current -rc (it's getting >> late for that, actually), do we need a Cc: <stable> here ? >> >> Same questions are valid for the other patch in this series. > > Thank you for the review. no problem :-) > This is a potential problem fix. This issue is possible to cause the > first DMA supporting (e73a989 usb: renesas_usbhs: add DMAEngine > support) at 2011, I think. okay, so according to git describe: $ git describe e73a989 v3.0-rc2-22-ge73a9891b3a1 this entered mainline on v3.1. This means you need to add: Fixes: e73a989 ("usb: renesas_usbhs: add DMAEngine support") Cc: <stable@vger.kernel.org> # v3.1+ to your commit log, right before your Signed-off-by. > We don't need in current -rc because I also think this is too late for > it. I'm not sure we need a CC here. okay, so I'll queue this once v4.6-rc1 is merged. But please resend with the changes above. Let me know if you need any further clarification.
Hi, > > Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> writes: > >> Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> writes: > >> > This patch adds a condition to avoid the dereference. > >> > > >> > Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> > >> > >> is this a regression fix ? Do we need it in current -rc (it's getting > >> late for that, actually), do we need a Cc: <stable> here ? > >> > >> Same questions are valid for the other patch in this series. > > > > Thank you for the review. > > no problem :-) > > > This is a potential problem fix. This issue is possible to cause the > > first DMA supporting (e73a989 usb: renesas_usbhs: add DMAEngine > > support) at 2011, I think. > > okay, so according to git describe: > > $ git describe e73a989 > v3.0-rc2-22-ge73a9891b3a1 > > this entered mainline on v3.1. This means you need to add: > > Fixes: e73a989 ("usb: renesas_usbhs: add DMAEngine support") > Cc: <stable@vger.kernel.org> # v3.1+ > > to your commit log, right before your Signed-off-by. > > > We don't need in current -rc because I also think this is too late for > > it. I'm not sure we need a CC here. > > okay, so I'll queue this once v4.6-rc1 is merged. But please resend with > the changes above. Let me know if you need any further clarification. Thank you very much for the detail. I will send v2 patches with the changes above. Best regards, Yoshihiro Shimoda > -- > balbi
diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c index b4de70e..0c25c01 100644 --- a/drivers/usb/renesas_usbhs/fifo.c +++ b/drivers/usb/renesas_usbhs/fifo.c @@ -190,7 +190,8 @@ static int usbhsf_pkt_handler(struct usbhs_pipe *pipe, int type) goto __usbhs_pkt_handler_end; } - ret = func(pkt, &is_done); + if (likely(func)) + ret = func(pkt, &is_done); if (is_done) __usbhsf_pkt_del(pkt);
When unexpected situation happened (e.g. tx/rx irq happened while DMAC is used), the usbhsf_pkt_handler() was possible to cause NULL pointer dereference like the followings: Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = c0004000 [00000000] *pgd=00000000 Internal error: Oops: 80000007 [#1] SMP ARM Modules linked in: usb_f_acm u_serial g_serial libcomposite CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc6-00842-gac57066-dirty #63 Hardware name: Generic R8A7790 (Flattened Device Tree) task: c0729c00 ti: c0724000 task.ti: c0724000 PC is at 0x0 LR is at usbhsf_pkt_handler+0xac/0x118 pc : [<00000000>] lr : [<c03257e0>] psr: 60000193 sp : c0725db8 ip : 00000000 fp : c0725df4 r10: 00000001 r9 : 00000193 r8 : ef3ccab4 r7 : ef3cca10 r6 : eea4586c r5 : 00000000 r4 : ef19ceb4 r3 : 00000000 r2 : 0000009c r1 : c0725dc4 r0 : ef19ceb4 This patch adds a condition to avoid the dereference. Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> --- drivers/usb/renesas_usbhs/fifo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)