leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cf97d7af24
linux/drivers/usb
History
Pawel Laszczak cf97d7af24
usb: cdnsp: Fixes issue with dequeuing requests after disabling endpoint 
Patch fixes the bug:
BUG: kernel NULL pointer dereference, address: 0000000000000050
PGD 0 P4D 0
Oops: 0002 [#1] SMP PTI
CPU: 0 PID: 4137 Comm: uvc-gadget Tainted: G           OE     5.10.0-next-20201214+ #3
Hardware name: ASUS All Series/Q87T, BIOS 0908 07/22/2014
RIP: 0010:cdnsp_remove_request+0xe9/0x530 [cdnsp_udc_pci]
Code: 01 00 00 31 f6 48 89 df e8 64 d4 ff ff 48 8b 43 08 48 8b 13 45 31 f6 48 89 42 08 48 89 10 b8 98 ff ff ff 48 89 1b 48 89 5b 08 <41> 83 6d 50 01 41 83 af d0 00 00 00 01 41 f6 84 24 78 20 00 00 08
RSP: 0018:ffffb68d00d07b60 EFLAGS: 00010046
RAX: 00000000ffffff98 RBX: ffff9d29c57fbf00 RCX: 0000000000001400
RDX: ffff9d29c57fbf00 RSI: 0000000000000000 RDI: ffff9d29c57fbf00
RBP: ffffb68d00d07bb0 R08: ffff9d2ad9510a00 R09: ffff9d2ac011c000
R10: ffff9d2a12b6e760 R11: 0000000000000000 R12: ffff9d29d3fb8000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff9d29d3fb88c0
FS:  0000000000000000(0000) GS:ffff9d2adba00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000050 CR3: 0000000102164005 CR4: 00000000001706f0
Call Trace:
 cdnsp_ep_dequeue+0x3c/0x90 [cdnsp_udc_pci]
 cdnsp_gadget_ep_dequeue+0x3f/0x80 [cdnsp_udc_pci]
 usb_ep_dequeue+0x21/0x70 [udc_core]
 uvcg_video_enable+0x19d/0x220 [usb_f_uvc]
 uvc_v4l2_release+0x49/0x90 [usb_f_uvc]
 v4l2_release+0xa5/0x100 [videodev]
 __fput+0x99/0x250
 ____fput+0xe/0x10
 task_work_run+0x75/0xb0
 do_exit+0x370/0xb80
 do_group_exit+0x43/0xa0
 get_signal+0x12d/0x820
 arch_do_signal_or_restart+0xb2/0x870
 ? __switch_to_asm+0x36/0x70
 ? kern_select+0xc6/0x100
 exit_to_user_mode_prepare+0xfc/0x170
 syscall_exit_to_user_mode+0x2a/0x40
 do_syscall_64+0x43/0x80
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fe969cf5dd7
Code: Unable to access opcode bytes at RIP 0x7fe969cf5dad.

Problem occurs for UVC class. During disconnecting the UVC class disable
endpoints and then start dequeuing all requests. This leads to situation
where requests are removed twice. The first one in
cdnsp_gadget_ep_disable and the second in cdnsp_gadget_ep_dequeue
function.
Patch adds condition in cdnsp_gadget_ep_dequeue function which allows
dequeue requests only from enabled endpoint.

Fixes: 3d82904559 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
Signed-off-by: Pawel Laszczak <pawell@cadence.com>
Signed-off-by: Peter Chen <peter.chen@kernel.org>
2021-03-27 08:59:46 +08:00
..
atm drivers: usb: atm: use pr_err() and pr_warn() instead of raw printk() 2020-12-09 15:22:51 +01:00
c67x00 usb/c67x00: Replace tasklet with work 2021-01-26 18:36:37 +01:00
cdns3 usb: cdnsp: Fixes issue with dequeuing requests after disabling endpoint 2021-03-27 08:59:46 +08:00
chipidea usb: chipidea: tegra: Specify TX FIFO threshold in UDC SoC info 2021-01-13 11:26:34 +01:00
class USB-serial updates for 5.12-rc1 2021-02-10 15:58:04 +01:00
common usb: common: Parse for USB SSP genXxY 2021-02-06 14:21:21 +01:00
core Kbuild updates for v5.12 2021-02-25 10:17:31 -08:00
dwc2 Merge 5.11-rc7 into usb-next 2021-02-08 09:09:27 +01:00
dwc3 Devicetree updates for v5.12: 2021-02-22 10:05:12 -08:00
early usb: early: ehci-dbgp: convert to readl_poll_timeout_atomic() 2020-09-25 16:29:09 +02:00
gadget Kbuild updates for v5.12 2021-02-25 10:17:31 -08:00
host ARM updates for 5.12-rc1: 2021-02-22 14:27:07 -08:00
image USB: microtek: use set_host_byte() 2020-09-16 12:42:10 +02:00
isp1760 usb: isp1760-hcd: convert to readl_poll_timeout_atomic() 2020-09-25 16:30:05 +02:00
misc Devicetree updates for v5.12: 2021-02-22 10:05:12 -08:00
mon
mtu3 usb: mtu3: fix memory corruption in mtu3_debugfs_regset() 2020-12-07 15:26:18 +01:00
musb usb: musb: jz4740: Add missing CR to error strings 2021-02-05 10:27:18 +01:00
phy usb: phy: phy-mxs-usb: Use of_device_get_match_data() 2021-01-18 18:35:46 +01:00
renesas_usbhs usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() 2021-02-01 14:09:46 +01:00
roles device connection: Remove struct device_connection 2020-09-07 11:14:09 +02:00
serial usb: Replace lkml.org links with lore 2021-02-11 13:50:46 +01:00
storage usb: uas: Add PNY USB Portable SSD to unusual_uas 2021-01-05 14:05:10 +01:00
typec usb: typec: tcpm: Get Sink VDO from fwnode 2021-02-09 11:48:55 +01:00
usbip Merge 5.11-rc3 into usb-next 2021-01-11 08:11:26 +01:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver 2020-12-29 12:36:13 +08:00
usb-skeleton.c