hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-sg2042/drivers/usb/host
History
Carsten Schmid 7aa1bb2ffd usb: xhci: avoid null pointer deref when bos field is NULL 
With defective USB sticks we see the following error happen:
usb 1-3: new high-speed USB device number 6 using xhci_hcd
usb 1-3: device descriptor read/64, error -71
usb 1-3: device descriptor read/64, error -71
usb 1-3: new high-speed USB device number 7 using xhci_hcd
usb 1-3: device descriptor read/64, error -71
usb 1-3: unable to get BOS descriptor set
usb 1-3: New USB device found, idVendor=0781, idProduct=5581
usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
...
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008

This comes from the following place:
[ 1660.215380] IP: xhci_set_usb2_hardware_lpm+0xdf/0x3d0 [xhci_hcd]
[ 1660.222092] PGD 0 P4D 0
[ 1660.224918] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 1660.425520] CPU: 1 PID: 38 Comm: kworker/1:1 Tainted: P     U  W  O    4.14.67-apl #1
[ 1660.434277] Workqueue: usb_hub_wq hub_event [usbcore]
[ 1660.439918] task: ffffa295b6ae4c80 task.stack: ffffad4580150000
[ 1660.446532] RIP: 0010:xhci_set_usb2_hardware_lpm+0xdf/0x3d0 [xhci_hcd]
[ 1660.453821] RSP: 0018:ffffad4580153c70 EFLAGS: 00010046
[ 1660.459655] RAX: 0000000000000000 RBX: ffffa295b4d7c000 RCX: 0000000000000002
[ 1660.467625] RDX: 0000000000000002 RSI: ffffffff984a55b2 RDI: ffffffff984a55b2
[ 1660.475586] RBP: ffffad4580153cc8 R08: 0000000000d6520a R09: 0000000000000001
[ 1660.483556] R10: ffffad4580a004a0 R11: 0000000000000286 R12: ffffa295b4d7c000
[ 1660.491525] R13: 0000000000010648 R14: ffffa295a84e1800 R15: 0000000000000000
[ 1660.499494] FS:  0000000000000000(0000) GS:ffffa295bfc80000(0000) knlGS:0000000000000000
[ 1660.508530] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1660.514947] CR2: 0000000000000008 CR3: 000000025a114000 CR4: 00000000003406a0
[ 1660.522917] Call Trace:
[ 1660.525657]  usb_set_usb2_hardware_lpm+0x3d/0x70 [usbcore]
[ 1660.531792]  usb_disable_device+0x242/0x260 [usbcore]
[ 1660.537439]  usb_disconnect+0xc1/0x2b0 [usbcore]
[ 1660.542600]  hub_event+0x596/0x18f0 [usbcore]
[ 1660.547467]  ? trace_preempt_on+0xdf/0x100
[ 1660.552040]  ? process_one_work+0x1c1/0x410
[ 1660.556708]  process_one_work+0x1d2/0x410
[ 1660.561184]  ? preempt_count_add.part.3+0x21/0x60
[ 1660.566436]  worker_thread+0x2d/0x3f0
[ 1660.570522]  kthread+0x122/0x140
[ 1660.574123]  ? process_one_work+0x410/0x410
[ 1660.578792]  ? kthread_create_on_node+0x60/0x60
[ 1660.583849]  ret_from_fork+0x3a/0x50
[ 1660.587839] Code: 00 49 89 c3 49 8b 84 24 50 16 00 00 8d 4a ff 48 8d 04 c8 48 89 ca 4c 8b 10 45 8b 6a 04 48 8b 00 48 89 45 c0 49 8b 86 80 03 00 00 <48> 8b 40 08 8b 40 03 0f 1f 44 00 00 45 85 ff 0f 84 81 01 00 00
[ 1660.608980] RIP: xhci_set_usb2_hardware_lpm+0xdf/0x3d0 [xhci_hcd] RSP: ffffad4580153c70
[ 1660.617921] CR2: 0000000000000008

Tracking this down shows that udev->bos is NULL in the following code:
(xhci.c, in xhci_set_usb2_hardware_lpm)
	field = le32_to_cpu(udev->bos->ext_cap->bmAttributes);  <<<<<<< here

	xhci_dbg(xhci, "%s port %d USB2 hardware LPM\n",
			enable ? "enable" : "disable", port_num + 1);

	if (enable) {
		/* Host supports BESL timeout instead of HIRD */
		if (udev->usb2_hw_lpm_besl_capable) {
			/* if device doesn't have a preferred BESL value use a
			 * default one which works with mixed HIRD and BESL
			 * systems. See XHCI_DEFAULT_BESL definition in xhci.h
			 */
			if ((field & USB_BESL_SUPPORT) &&
			    (field & USB_BESL_BASELINE_VALID))
				hird = USB_GET_BESL_BASELINE(field);
			else
				hird = udev->l1_params.besl;

The failing case is when disabling LPM. So it is sufficient to avoid
access to udev->bos by moving the instruction into the "enable" clause.

Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Carsten Schmid <carsten_schmid@mentor.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2019-05-22 14:25:37 +02:00
..
whci USB: host: whci: rename Kbuild file 2019-01-22 09:08:17 +01:00
Kconfig usb: host: xhci: mvebu: add reset on resume quirk 2019-01-30 09:22:35 +01:00
Makefile USB: EHCI: make ehci-mv a separate driver 2018-09-20 13:07:55 +02:00
bcma-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-atmel.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-dbg.c USB: ehci-hcd: no need to check return value of debugfs_create functions 2018-05-31 12:54:22 +02:00
ehci-exynos.c usb: host: exynos: Remove support for Exynos5440 2018-07-24 18:44:00 +02:00
ehci-fsl.c drivers: usb :fsl: Remove USB Errata checking code 2019-01-18 10:02:09 +01:00
ehci-fsl.h USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-grlib.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-hcd.c usb: host: Replace empty define with do while 2018-09-28 15:03:37 +02:00
ehci-hub.c USB: ehci-hcd: Add get_resuming_ports method 2018-06-25 21:44:43 +08:00
ehci-mem.c Revert "usb: host: ehci: Use dma_pool_zalloc()" 2018-05-04 14:35:12 -07:00
ehci-mv.c USB: EHCI: ehci-mv: add MODULE_DEVICE_TABLE 2019-01-18 10:07:05 +01:00
ehci-mxc.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-npcm7xx.c USB: host: ehci-npcm7xx: Fix some error codes in probe 2018-06-28 19:32:42 +09:00
ehci-omap.c usb: ehci-omap: Fix deferred probe for phy handling 2018-12-17 14:07:59 +01:00
ehci-orion.c usb: ehci-orion: add S2RAM support 2019-01-30 09:22:35 +01:00
ehci-pci.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-platform.c usb: host: ehci-platform: remove custom USB PHY handling 2018-03-09 09:43:53 -08:00
ehci-pmcmsp.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ehci-ps3.c powerpc/ps3: Set driver coherent_dma_mask 2018-07-20 12:50:37 +10:00
ehci-q.c usb: host: Replace empty define with do while 2018-09-28 15:03:37 +02:00
ehci-sched.c usb: host: ehci-sched: remove redundant pointer dev 2018-07-13 15:41:56 +02:00
ehci-sh.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-spear.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-st.c pinctrl: files should directly include apis they use 2018-02-05 09:41:54 -08:00
ehci-sysfs.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
ehci-tegra.c usb: tegra: Move utmi-pads reset from ehci-tegra to tegra-phy 2018-04-23 09:50:57 +02:00
ehci-timer.c usb: host: Replace empty define with do while 2018-09-28 15:03:37 +02:00
ehci-w90x900.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-xilinx-of.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci.h usb: host: Replace empty define with do while 2018-09-28 15:03:37 +02:00
fhci-dbg.c USB: fhci-hcd: no need to check return value of debugfs_create functions 2018-05-31 12:54:22 +02:00
fhci-hcd.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-hub.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-mem.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-q.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-sched.c usb: host: use usb_endpoint_maxp instead of usb_maxpacket 2019-04-19 14:23:34 +02:00
fhci-tds.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
fhci.h USB: fhci-hcd: no need to check return value of debugfs_create functions 2018-05-31 12:54:22 +02:00
fotg210-hcd.c usb: host: Replace empty define with do while 2018-09-28 15:03:37 +02:00
fotg210.h usb: host: Replace empty define with do while 2018-09-28 15:03:37 +02:00
fsl-mph-dr-of.c drivers: usb :fsl: Remove USB Errata checking code 2019-01-18 10:02:09 +01:00
hwa-hc.c USB: check usb_get_extra_descriptor for proper size 2018-12-05 21:20:14 +01:00
imx21-dbg.c USB: imx21-hcd: no need to check return value of debugfs_create functions 2018-05-31 12:54:22 +02:00
imx21-hcd.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
imx21-hcd.h USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
isp116x-hcd.c USB: isp116x-hcd: no need to check return value of debugfs_create functions 2018-05-31 12:54:21 +02:00
isp116x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
isp1362-hcd.c usb: host: isp1362-hcd: convert to DEFINE_SHOW_ATTRIBUTE 2018-12-12 12:38:41 +01:00
isp1362.h usb: isp1362: remove blackfin arch glue 2018-03-26 15:57:14 +02:00
max3421-hcd.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-at91.c USB: host: ohci-at91: add sam9x60-sfr definition for ohci 2019-01-18 09:58:04 +01:00
ohci-da8xx.c usb: ohci-da8xx: drop the vbus GPIO 2019-04-12 19:46:48 +05:30
ohci-dbg.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
ohci-exynos.c usb: host: exynos: Remove support for Exynos5440 2018-07-24 18:44:00 +02:00
ohci-hcd.c USB: ohci: no need to check return value of debugfs_create functions 2018-05-31 12:54:21 +02:00
ohci-hub.c ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() 2018-02-15 18:43:57 +01:00
ohci-mem.c usb: host: remove unnecessary condition check 2018-11-07 13:22:06 +01:00
ohci-nxp.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-omap.c usb: add a flag to skip PHY initialization to struct usb_hcd 2018-03-09 09:43:52 -08:00
ohci-pci.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-platform.c usb: host: ohci-platform: remove custom USB PHY handling 2018-03-09 09:43:53 -08:00
ohci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-ps3.c powerpc/ps3: Set driver coherent_dma_mask 2018-07-20 12:50:37 +10:00
ohci-pxa27x.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-q.c usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() 2018-02-15 18:45:34 +01:00
ohci-s3c2410.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sa1111.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sm501.c dma-mapping: remove the DMA_MEMORY_EXCLUSIVE flag 2019-02-20 07:27:00 -07:00
ohci-spear.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-st.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-tmio.c dma-mapping: remove the DMA_MEMORY_EXCLUSIVE flag 2019-02-20 07:27:00 -07:00
ohci.h USB: ohci: no need to check return value of debugfs_create functions 2018-05-31 12:54:21 +02:00
oxu210hp-hcd.c usb: host: oxu210hp-hcd: remove set but not used variables 'uframes, transfer_buffer_length' 2019-02-19 14:41:38 +01:00
oxu210hp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci-quirks.c USB: OHCI: Remove USB bus reset delay from OHCI handover code 2018-09-10 20:05:02 +02:00
pci-quirks.h Revert "xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue" 2018-06-01 13:24:51 +02:00
r8a66597-hcd.c usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() 2018-12-19 08:13:26 +01:00
r8a66597.h USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
sl811-hcd.c USB: host: sl811: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-03-16 15:40:19 +01:00
sl811.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sl811_cs.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ssb-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
u132-hcd.c Merge 5.1-rc3 into usb-next 2019-04-01 07:42:04 +02:00
uhci-debug.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-grlib.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-hcd.c cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
uhci-hcd.h usb: uhci: Add clk support to uhci-platform 2018-01-17 15:08:56 +01:00
uhci-hub.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-pci.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-platform.c usb: uhci: Add clk support to uhci-platform 2018-01-17 15:08:56 +01:00
uhci-q.c USB: remove the URB_NO_FSBR flag 2017-12-12 13:16:07 +01:00
xhci-dbg.c usb: xhci: Cleanup printk debug message for ERST 2017-12-08 17:43:52 +01:00
xhci-dbgcap.c drivers: Remove explicit invocations of mmiowb() 2019-04-08 12:01:02 +01:00
xhci-dbgcap.h usb: xhci: dbc: Add SPDX identifiers to dbc files 2018-05-24 18:03:07 +02:00
xhci-dbgtty.c usb: xhci: dbc: Add SPDX identifiers to dbc files 2018-05-24 18:03:07 +02:00
xhci-debugfs.c usb: xhci: Fix a potential null pointer dereference in xhci_debugfs_create_endpoint() 2019-05-22 14:25:37 +02:00
xhci-debugfs.h usb: xhci: remove unused member 'parent' in xhci_regset struct 2019-02-20 20:18:23 +01:00
xhci-ext-caps.c xhci: Add Intel extended cap / otg phy mux handling 2018-03-22 13:40:10 +01:00
xhci-ext-caps.h xhci: Add Intel extended cap / otg phy mux handling 2018-03-22 13:40:10 +01:00
xhci-histb.c xhci: Fix leaking USB3 shared_hcd at xhci removal 2018-11-09 08:31:08 -08:00
xhci-hub.c xhci: add port and bus number to port dynamic debugging 2019-04-27 14:53:58 +02:00
xhci-mem.c usb: xhci: fix build warning - missing prototype 2019-02-21 10:54:22 +01:00
xhci-mtk-sch.c usb: xhci-mtk: supports SSP without external USB3 gen2 hub 2018-09-28 15:04:45 +02:00
xhci-mtk.c usb: xhci-mtk: get optional clock by devm_clk_get_optional() 2019-04-19 14:23:34 +02:00
xhci-mtk.h usb: xhci-mtk: supports bandwidth scheduling with multi-TT 2018-09-28 15:04:45 +02:00
xhci-mvebu.c usb: host: xhci: mvebu: add reset on resume quirk 2019-01-30 09:22:35 +01:00
xhci-mvebu.h usb: host: xhci: mvebu: add reset on resume quirk 2019-01-30 09:22:35 +01:00
xhci-pci.c usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on INTEL_SUNRISEPOINT_LP_XHCI 2019-02-21 10:54:22 +01:00
xhci-plat.c usb: host: xhci-plat: get optional clock by devm_clk_get_optional() 2019-04-19 14:24:25 +02:00
xhci-plat.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-rcar.c usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk 2019-03-19 14:57:31 +01:00
xhci-rcar.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-ring.c xhci: update bounce buffer with correct sg num 2019-05-22 14:25:36 +02:00
xhci-tegra.c usb: host: xhci-tegra: Add Tegra186 XUSB support 2019-04-16 12:15:53 +02:00
xhci-trace.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-trace.h usb: xhci: add endpoint context tracing when an endpoint is added 2019-04-27 14:53:58 +02:00
xhci.c usb: xhci: avoid null pointer deref when bos field is NULL 2019-05-22 14:25:37 +02:00
xhci.h xhci: Add tracing for input control context 2019-04-27 14:53:58 +02:00