hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-sg2042/drivers/usb/usbip
History
Shuah Khan (Samsung OSG) c171654caa usbip: usbip_host: fix bad unlock balance during stub_probe() 
stub_probe() calls put_busid_priv() in an error path when device isn't
found in the busid_table. Fix it by making put_busid_priv() safe to be
called with null struct bus_id_priv pointer.

This problem happens when "usbip bind" is run without loading usbip_host
driver and then running modprobe. The first failed bind attempt unbinds
the device from the original driver and when usbip_host is modprobed,
stub_probe() runs and doesn't find the device in its busid table and calls
put_busid_priv(0 with null bus_id_priv pointer.

usbip-host 3-10.2: 3-10.2 is not in match_busid table...  skip!

[  367.359679] =====================================
[  367.359681] WARNING: bad unlock balance detected!
[  367.359683] 4.17.0-rc4+ #5 Not tainted
[  367.359685] -------------------------------------
[  367.359688] modprobe/2768 is trying to release lock (
[  367.359689]
==================================================================
[  367.359696] BUG: KASAN: null-ptr-deref in print_unlock_imbalance_bug+0x99/0x110
[  367.359699] Read of size 8 at addr 0000000000000058 by task modprobe/2768

[  367.359705] CPU: 4 PID: 2768 Comm: modprobe Not tainted 4.17.0-rc4+ #5

Fixes: 22076557b0 ("usbip: usbip_host: fix NULL-ptr deref and use-after-free errors") in usb-linus
Signed-off-by: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-05-16 18:52:13 +02:00
..
Kconfig usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS 2018-03-09 09:16:18 -08:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
README
stub.h usbip: usbip_host: fix NULL-ptr deref and use-after-free errors 2018-05-15 09:52:02 +02:00
stub_dev.c usbip: usbip_host: fix NULL-ptr deref and use-after-free errors 2018-05-15 09:52:02 +02:00
stub_main.c usbip: usbip_host: fix bad unlock balance during stub_probe() 2018-05-16 18:52:13 +02:00
stub_rx.c Merge 4.15.0-rc6 into usb-next 2018-01-02 15:13:41 +01:00
stub_tx.c usbip: stub: stop printing kernel pointer addresses in messages 2017-12-19 11:40:54 +01:00
usbip_common.c Merge 4.15-rc8 into usb-next 2018-01-15 15:00:11 +01:00
usbip_common.h usbip: vhci_hcd: Fix usb device and sockfd leaks 2018-04-22 14:45:11 +02:00
usbip_event.c usbip: usbip_event: fix to not print kernel pointer address 2018-04-22 14:45:12 +02:00
vhci.h USB: usbip: Remove redundant license text 2017-11-07 15:45:01 +01:00
vhci_hcd.c usbip: vhci_hcd: check rhport before using in vhci_hub_control() 2018-04-22 14:45:11 +02:00
vhci_rx.c usbip: vhci: fix spelling mistake: "synchronuously" -> "synchronously" 2018-01-04 17:05:55 +01:00
vhci_sysfs.c USB: move many drivers to use DEVICE_ATTR_WO 2018-01-24 08:49:52 +01:00
vhci_tx.c usbip: vhci: stop printing kernel pointer addresses in messages 2017-12-19 11:40:54 +01:00
vudc.h USB: usbip: Remove redundant license text 2017-11-07 15:45:01 +01:00
vudc_dev.c USB: usbip: Remove redundant license text 2017-11-07 15:45:01 +01:00
vudc_main.c USB: usbip: Remove redundant license text 2017-11-07 15:45:01 +01:00
vudc_rx.c usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input 2018-01-04 17:07:26 +01:00
vudc_sysfs.c usbip: vudc: fix null pointer dereference on udc->lock 2018-03-09 10:01:07 -08:00
vudc_transfer.c USB: usbip: Remove redundant license text 2017-11-07 15:45:01 +01:00
vudc_tx.c usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer 2018-01-04 17:07:27 +01:00

README 

TODO:
	- more discussion about the protocol
	- testing
	- review of the userspace interface
	- document the protocol

Please send patches for this code to Greg Kroah-Hartman <greg@kroah.com>