linux/drivers/usb
Sarah Sharp 203a86613f xhci: Avoid NULL pointer deref when host dies.
When the host controller fails to respond to an Enable Slot command, and
the host fails to respond to the register write to abort the command
ring, the xHCI driver will assume the host is dead, and call
usb_hc_died().

The USB device's slot_id is still set to zero, and the pointer stored at
xhci->devs[0] will always be NULL.  The call to xhci_check_args in
xhci_free_dev should have caught the NULL virt_dev pointer.

However, xhci_free_dev is designed to free the xhci_virt_device
structures, even if the host is dead, so that we don't leak kernel
memory.  xhci_free_dev checks the return value from the generic
xhci_check_args function.  If the return value is -ENODEV, it carries on
trying to free the virtual device.

The issue is that xhci_check_args looks at the host controller state
before it looks at the xhci_virt_device pointer.  It will return -EINVAL
because the host is dead, and xhci_free_dev will ignore the return
value, and happily dereference the NULL xhci_virt_device pointer.

The fix is to make sure that xhci_check_args checks the xhci_virt_device
pointer before it checks the host state.

See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1203453 for
further details.  This patch doesn't solve the underlying issue, but
will ensure we don't see any more NULL pointer dereferences because of
the issue.

This patch should be backported to kernels as old as 3.1, that
contain the commit 7bd89b4017 "xhci: Don't
submit commands or URBs to halted hosts."

Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Reported-by: Vincent Thiele <vincentthiele@gmail.com>
Cc: stable@vger.kernel.org
2013-07-25 08:09:23 -07:00
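
The check-ordering problem described in the commit message above, as an added example that is not part of the commit or the kernel source. It is a simplified user-space C model: the structures, the four-slot array (slot ids 0 to 3) and the names `check_args_before`, `check_args_after`, `free_dev_would_deref` and `null_deref_reached` are assumptions, and it records whether the caller would reach the NULL pointer instead of dereferencing it.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Simplified stand-ins for the kernel structures (assumptions, not kernel code). */
struct virt_device { int in_use; };
struct host { bool halted; struct virt_device *devs[4]; };

/* Order the commit message describes as buggy: host state is checked first. */
static int check_args_before(const struct host *h, int slot_id)
{
    if (h->halted)
        return -ENODEV;          /* hides the NULL slot tested below */
    if (!slot_id || !h->devs[slot_id])
        return -EINVAL;
    return 1;
}

/* Order after the fix: virt device pointer first, host state second. */
static int check_args_after(const struct host *h, int slot_id)
{
    if (!slot_id || !h->devs[slot_id])
        return -EINVAL;
    if (h->halted)
        return -ENODEV;
    return 1;
}

/* Caller policy from the commit message: -ENODEV is tolerated so the virt
 * device is still freed on a dead host; any other error makes it bail out. */
static bool free_dev_would_deref(int ret)
{
    return ret > 0 || ret == -ENODEV;
}

/* True when the modelled caller carries on although devs[slot_id] is NULL. */
static bool null_deref_reached(int (*check)(const struct host *, int),
                               const struct host *h, int slot_id)
{
    return free_dev_would_deref(check(h, slot_id)) && h->devs[slot_id] == NULL;
}

int main(void)
{
    struct host dead = { .halted = true };  /* constructed: dead host, all slots NULL */
    /* Exit 0 only if the old order reaches the NULL and the new one does not. */
    return !(null_deref_reached(check_args_before, &dead, 0) &&
             !null_deref_reached(check_args_after, &dead, 0));
}
```

With the pointer check first, a dead host that still has a valid virtual device in its slot keeps returning -ENODEV, so the caller's free-on-dead-host path is preserved.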
..
atm drivers: avoid parsing names as kthread_run() format strings 2013-07-03 16:07:41 -07:00
c67x00
chipidea Device tree updates for v3.11 2013-07-04 15:51:45 -07:00
class USB: cdc-acm: remove unneeded spin_lock_irqsave/restore on write path 2013-06-17 13:37:07 -07:00
core USB: global suspend and remote wakeup don't mix 2013-07-16 15:33:02 -07:00
dwc3 usb: dwc3: USB_DWC3 should depend on HAS_DMA 2013-07-15 13:05:27 +03:00
early
gadget usb: gadget: don't fail when DMA isn't present 2013-07-15 13:05:29 +03:00
host xhci: Avoid NULL pointer deref when host dies. 2013-07-25 08:09:23 -07:00
image USB: regroup all depends on USB within an if USB block 2013-04-09 16:49:07 -07:00
misc USB: misc: Add Manhattan Hi-Speed USB DVI Converter to sisusbvga 2013-07-22 11:29:26 -07:00
mon USB: regroup all depends on USB within an if USB block 2013-04-09 16:49:07 -07:00
musb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
phy usb: phy: omap-usb3: fix dpll clock index 2013-07-15 13:05:30 +03:00
renesas_usbhs usb: renesas_usbhs: gadget: remove extra check on udc_stop 2013-07-15 13:01:24 +03:00
serial usb: option: add TP-LINK MA260 2013-07-23 16:07:51 -07:00
storage USB: storage: Add MicroVault Flash Drive to unusual_devs 2013-07-22 11:29:26 -07:00
wusbcore USB: HWA: fix device probe failure 2013-06-24 16:20:43 -07:00
Kconfig USB: Check for ARCH_EXYNOS separately 2013-06-19 01:25:48 +09:00
Makefile usb host: Faraday USB2.0 FUSBH200-HCD driver 2013-05-17 10:12:52 -07:00
README
usb-common.c usb: add devicetree helpers for determining dr_mode and phy_type 2013-06-17 13:47:09 -07:00
usb-skeleton.c USB: usb-skeleton.c: fix blocked forever in skel_read 2013-03-25 13:32:20 -07:00

To understand the Linux-USB framework as a whole, you'll use these resources:

    * This source code.  This is necessarily an evolving work, and
      includes kerneldoc that should help you get a current overview.
      ("make pdfdocs", and then look at "usb.pdf" for host side and
      "gadget.pdf" for peripheral side.)  Also, Documentation/usb has
      more information.

    * The USB 2.0 specification (from www.usb.org), with supplements
      such as those for USB OTG and the various device classes.
      The USB specification has a good overview chapter, and USB
      peripherals conform to the widely known "Chapter 9".

    * Chip specifications for USB controllers.  Examples include
      host controllers (on PCs, servers, and more); peripheral
      controllers (in devices with Linux firmware, like printers or
      cell phones); and hard-wired peripherals like Ethernet adapters.

    * Specifications for other protocols implemented by USB peripheral
      functions.  Some are vendor-specific; others are vendor-neutral
      but just standardized outside of the www.usb.org team.

Here is a list of the subdirectories here and what each one contains.

core/		- This is for the core USB host code, including the
		  usbfs files and the hub class driver ("khubd").

host/		- This is for USB host controller drivers.  This
		  includes UHCI, OHCI, EHCI, and others that might
		  be used with more specialized "embedded" systems.

gadget/		- This is for USB peripheral controller drivers and
		  the various gadget drivers which talk to them.


Individual USB driver directories.  A new driver should be added to the
first subdirectory in the list below that it fits into.

image/		- This is for still image drivers, like scanners or
		  digital cameras.
../input/	- This is for any driver that uses the input subsystem,
		  like keyboards, mice, touchscreens, tablets, etc.
../media/	- This is for multimedia drivers, like video cameras,
		  radios, and any other drivers that talk to the v4l
		  subsystem.
../net/		- This is for network drivers.
serial/		- This is for USB to serial drivers.
storage/	- This is for USB mass-storage drivers.
class/		- This is for all USB device drivers that do not fit
		  into any of the above categories, and work for a range
		  of USB Class specified devices. 
misc/		- This is for all USB device drivers that do not fit
		  into any of the above categories.