From patchwork Mon Sep 30 01:48:44 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: 胡连勤
X-Patchwork-Id: 13815304
From: 胡连勤
To: "gregkh@linuxfoundation.org"
CC: Michael Nazzareno Trimarchi, "linux-usb@vger.kernel.org", "linux-kernel@vger.kernel.org", opensource.kernel, "akpm@linux-foundation.org", 胡连勤, Prashanth K, "quic_jjohnson@quicinc.com"
Subject: [PATCH] usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
Date: Mon, 30 Sep 2024 01:48:44 +0000
X-Mailing-List: linux-usb@vger.kernel.org

From: Lianqin Hu

Considering that in some extreme cases, when performing the
unbinding operation, gserial_disconnect has cleared gser->ioport,
which triggers gadget reconfiguration, and then calls
gs_read_complete, resulting in access to a null pointer. Therefore,
ep is disabled before gserial_disconnect sets port to null to prevent
this from happening.

Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a8
pc : gs_read_complete+0x58/0x240
lr : usb_gadget_giveback_request+0x40/0x160
sp : ffffffc00f1539c0
x29: ffffffc00f1539c0 x28: ffffff8002a30000 x27: 0000000000000000
x26: ffffff8002a30000 x25: 0000000000000000 x24: ffffff8002a30000
x23: ffffff8002ff9a70 x22: ffffff898e7a7b00 x21: ffffff803c9af9d8
x20: ffffff898e7a7b00 x19: 00000000000001a8 x18: ffffffc0099fd098
x17: 0000000000001000 x16: 0000000080000000 x15: 0000000ac1200000
x14: 0000000000000003 x13: 000000000000d5e8 x12: 0000000355c314ac
x11: 0000000000000015 x10: 0000000000000012 x9 : 0000000000000008
x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffff887cd12000
x5 : 0000000000000002 x4 : ffffffc00f9b07f0 x3 : ffffffc00f1538d0
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000001a8
Call trace:
 gs_read_complete+0x58/0x240
 usb_gadget_giveback_request+0x40/0x160
 dwc3_remove_requests+0x170/0x484
 dwc3_ep0_out_start+0xb0/0x1d4
 __dwc3_gadget_start+0x25c/0x720
 kretprobe_trampoline.cfi_jt+0x0/0x8
 kretprobe_trampoline.cfi_jt+0x0/0x8
 udc_bind_to_driver+0x1d8/0x300
 usb_gadget_probe_driver+0xa8/0x1dc
 gadget_dev_desc_UDC_store+0x13c/0x188
 configfs_write_iter+0x160/0x1f4
 vfs_write+0x2d0/0x40c
 ksys_write+0x7c/0xf0
 __arm64_sys_write+0x20/0x30
 invoke_syscall+0x60/0x150
 el0_svc_common+0x8c/0xf8
 do_el0_svc+0x28/0xa0
 el0_svc+0x24/0x84
 el0t_64_sync_handler+0x88/0xec
 el0t_64_sync+0x1b4/0x1b8
Code: aa1f03e1 aa1303e0 52800022 2a0103e8 (88e87e62)
---[ end trace 938847327a739172 ]---
Kernel panic - not syncing: Oops: Fatal exception

Fixes: c1dca562be8a ("usb gadget: split out serial core")
Cc: stable@vger.kernel.org Suggested-by: Greg Kroah-Hartman Signed-off-by: Lianqin Hu --- drivers/usb/gadget/function/u_serial.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index b394105e55d6..1712e9cd08be 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -1395,6 +1395,10 @@ void gserial_disconnect(struct gserial *gser) /* REVISIT as above: how best to track this? */ port->port_line_coding = gser->port_line_coding; + /* disable endpoints, aborting down any active I/O */ + usb_ep_disable(gser->out); + usb_ep_disable(gser->in); + port->port_usb = NULL; gser->ioport = NULL; if (port->port.count > 0) { @@ -1406,10 +1410,6 @@ void gserial_disconnect(struct gserial *gser) spin_unlock(&port->port_lock); spin_unlock_irqrestore(&serial_port_lock, flags); - /* disable endpoints, aborting down any active I/O */ - usb_ep_disable(gser->out); - usb_ep_disable(gser->in); - /* finally, free any unused/unusable I/O buffers */ spin_lock_irqsave(&port->port_lock, flags); if (port->port.count == 0)
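
Review bot: in the first hunk (@@ -1395), the two added usb_ep_disable() calls now run inside the locked region: the second hunk's context shows `spin_unlock(&port->port_lock);` and `spin_unlock_irqrestore(&serial_port_lock, flags);` only after them, so both locks are held with interrupts off while the endpoints are disabled. The trace in the changelog shows the UDC handing requests back synchronously (dwc3_remove_requests -> usb_gadget_giveback_request -> gs_read_complete), so the changelog should state whether the completion handlers can be entered from usb_ep_disable() in this context and, if so, why that cannot deadlock on port->port_lock. It would also help to extend the moved comment to say that the disable has to come before `port->port_usb = NULL;` and `gser->ioport = NULL;`, so the ordering is not undone by a later cleanup.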
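
The ordering problem the commit message describes, as a user-space model added here (not code from the patch or from the kernel). All type and function names are hypothetical, and the model assumes the completion handler reaches the port through the pointer that disconnect clears.

```c
#include <stddef.h>

/* Simplified user-space model; all names here are hypothetical. */
struct port { int completed; };
struct gser;
struct ep { int queued; struct gser *owner; };  /* queued: requests not yet given back */
struct gser { struct port *ioport; struct ep out; };

static int null_hits;  /* times the handler found ioport already cleared */

/* Stand-in for a read-completion handler: it needs the port. */
static void read_complete(struct ep *ep)
{
    struct port *port = ep->owner->ioport;
    if (!port) {       /* in the reported crash this is the NULL dereference */
        null_hits++;
        return;
    }
    port->completed++;
}

/* The controller gives every queued request back through the handler. */
static void giveback_all(struct ep *ep)
{
    while (ep->queued > 0) {
        ep->queued--;
        read_complete(ep);
    }
}

/* Disabling an endpoint aborts its I/O, i.e. gives the requests back. */
static void ep_disable(struct ep *ep) { giveback_all(ep); }

/* disable_first = 0: order before the patch; 1: order after the patch. */
static int disconnect(int disable_first)
{
    struct port p = { 0 };
    struct gser g = { &p, { 2, NULL } };
    g.out.owner = &g;
    null_hits = 0;
    if (disable_first)
        ep_disable(&g.out);   /* requests complete while the port is valid */
    g.ioport = NULL;
    giveback_all(&g.out);     /* controller flush arriving in the window */
    if (!disable_first)
        ep_disable(&g.out);   /* too late: nothing left to abort */
    return null_hits;
}

int main(void) { return (disconnect(0) == 2 && disconnect(1) == 0) ? 0 : 1; }
```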