leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9c1ed62ae0
linux/drivers/usb/gadget/udc
History
Jia-Ju Bai 9c1ed62ae0 usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() 
The driver may sleep while holding a spinlock.
The function call path (from bottom to top) in Linux 4.19 is:

drivers/usb/gadget/udc/core.c, 1175:
	kzalloc(GFP_KERNEL) in usb_add_gadget_udc_release
drivers/usb/gadget/udc/core.c, 1272:
	usb_add_gadget_udc_release in usb_add_gadget_udc
drivers/usb/gadget/udc/gr_udc.c, 2186:
	usb_add_gadget_udc in gr_probe
drivers/usb/gadget/udc/gr_udc.c, 2183:
	spin_lock in gr_probe

drivers/usb/gadget/udc/core.c, 1195:
	mutex_lock in usb_add_gadget_udc_release
drivers/usb/gadget/udc/core.c, 1272:
	usb_add_gadget_udc_release in usb_add_gadget_udc
drivers/usb/gadget/udc/gr_udc.c, 2186:
	usb_add_gadget_udc in gr_probe
drivers/usb/gadget/udc/gr_udc.c, 2183:
	spin_lock in gr_probe

drivers/usb/gadget/udc/gr_udc.c, 212:
	debugfs_create_file in gr_probe
drivers/usb/gadget/udc/gr_udc.c, 2197:
	gr_dfs_create in gr_probe
drivers/usb/gadget/udc/gr_udc.c, 2183:
    spin_lock in gr_probe

drivers/usb/gadget/udc/gr_udc.c, 2114:
	devm_request_threaded_irq in gr_request_irq
drivers/usb/gadget/udc/gr_udc.c, 2202:
	gr_request_irq in gr_probe
drivers/usb/gadget/udc/gr_udc.c, 2183:
    spin_lock in gr_probe

kzalloc(GFP_KERNEL), mutex_lock(), debugfs_create_file() and
devm_request_threaded_irq() can sleep at runtime.

To fix these possible bugs, usb_add_gadget_udc(), gr_dfs_create() and
gr_request_irq() are called without handling the spinlock.

These bugs are found by a static analysis tool STCheck written by myself.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-15 10:39:22 +01:00
..
aspeed-vhub USB: Changes for v5.4 merge window 2019-09-02 19:20:57 +02:00
bdc USB: gadget: udc: clean up an indentation issue 2019-10-22 10:40:15 +03:00
amd5536udc_pci.c
amd5536udc.h
at91_udc.c usb: gadget: at91_udc: use devm_platform_ioremap_resource() to simplify code 2019-10-22 10:29:18 +03:00
at91_udc.h
atmel_usba_udc.c usb: gadget: udc: atmel: constify copied structure 2020-01-08 17:55:24 +01:00
atmel_usba_udc.h usb: gadget: atmel: support USB suspend 2019-05-03 09:13:49 +03:00
bcm63xx_udc.c usb: gadget: bcm63xx_udc: create debugfs directory under usb root 2019-11-14 11:16:35 +08:00
core.c usb: gadget: udc: core: Warn about failed to find udc 2020-01-15 10:39:21 +01:00
dummy_hcd.c USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein 2019-11-04 16:02:23 +01:00
fotg210-udc.c fotg210-udc: Remove unneeded variable 2019-06-18 11:58:29 +03:00
fotg210.h
fsl_mxc_udc.c headers: separate linux/mod_devicetable.h from linux/platform_device.h 2018-07-07 17:52:26 +02:00
fsl_qe_udc.c
fsl_qe_udc.h usb: Spelling s/enpoint/endpoint/ 2019-11-04 15:53:00 +01:00
fsl_udc_core.c USB: changes for v5.5 2019-11-18 08:24:12 +01:00
fsl_usb2_udc.h
fusb300_udc.c usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] 2019-06-06 13:51:57 +03:00
fusb300_udc.h
goku_udc.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
goku_udc.h usb: gadget: udc: change comparison to bitshift when dealing with a mask 2018-03-08 15:12:00 +02:00
gr_udc.c usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() 2020-01-15 10:39:22 +01:00
gr_udc.h USB: gadget: udc: gr_udc: no need to check return value of debugfs_create functions 2018-05-31 12:54:22 +02:00
Kconfig usb: udc: tegra: select USB_ROLE_SWITCH 2019-12-30 19:54:56 +01:00
lpc32xx_udc.c USB: changes for v5.5 2019-11-18 08:24:12 +01:00
m66592-udc.c
m66592-udc.h
Makefile usb: gadget: Add UDC driver for tegra XUSB device mode controller 2019-10-23 09:25:58 +03:00
mv_u3d_core.c
mv_u3d.h usb: Spelling s/enpoint/endpoint/ 2019-11-04 15:53:00 +01:00
mv_udc_core.c usb: gadget: udc: Remove unnecessary parentheses 2018-10-02 10:30:07 +03:00
mv_udc.h
net2272.c usb: gadget: net2272: remove redundant assignments to pointer 's' 2019-06-18 11:58:29 +03:00
net2272.h
net2280.c usb: gadget: net2280: Add workaround for AB chip Errata 11 2019-08-30 09:27:33 +03:00
net2280.h usb: gadget: net2280: Move all "ll" registers in one structure 2019-08-30 09:14:38 +03:00
omap_udc.c USB: omap_udc: use resource_size 2020-01-08 17:55:25 +01:00
omap_udc.h
pch_udc.c usb: gadget: pch_udc: fix use after free 2019-11-07 11:14:51 +01:00
pxa25x_udc.c usb: gadget: pxa25x_udc: use devm_platform_ioremap_resource() to simplify code 2019-10-22 10:29:37 +03:00
pxa25x_udc.h
pxa27x_udc.c usb: gadget: pxa27x: create debugfs directory under usb root 2019-11-14 17:50:09 +08:00
pxa27x_udc.h USB: gadget: udc: pxa27x_udc: no need to check return value of debugfs_create functions 2018-05-31 12:54:22 +02:00
r8a66597-udc.c usb: gadget: r8a66597-udc: use devm_platform_ioremap_resource() to simplify code 2019-10-22 10:29:52 +03:00
r8a66597-udc.h
renesas_usb3.c USB: changes for v5.5 2019-11-18 08:24:12 +01:00
s3c2410_udc.c usb: gadget: udc: s3c2410_udc: create debugfs directory under usb root 2019-11-14 17:50:09 +08:00
s3c2410_udc.h
s3c-hsudc.c usb: gadget: s3c-hsudc: use devm_platform_ioremap_resource() to simplify code 2019-10-22 10:30:01 +03:00
snps_udc_core.c usb: gadget: udc: reduce indentation 2019-01-28 12:51:30 +02:00
snps_udc_plat.c
tegra-xudc.c usb: gadget: Add UDC driver for tegra XUSB device mode controller 2019-10-23 09:25:58 +03:00
trace.c
trace.h gadget event trace : add request pointer 2017-12-11 12:36:49 +02:00
udc-xilinx.c usb: Remove dev_err() usage after platform_get_irq() 2019-07-30 20:29:18 +02:00