From patchwork Tue Aug 20 09:29:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?6IOh6L+e5Yuk?= X-Patchwork-Id: 820923 Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sgaapc01on2086.outbound.protection.outlook.com [40.107.215.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78A3418C03F; Tue, 20 Aug 2024 09:29:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.215.86 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724146157; cv=fail; b=MlX2XTq2KiPeEumeOflsXg1SfQqdUOIP7HEg5NKksAmuKhywwvS6d4uRJe5KeG4q6Iy4gdTdXFfl28rbz9oFt8VLD339XfRJIxZ4X4mNA0Qh0AkCkHUK2LVzCw16Ss502ILmNL1fnEik/fcsu5sO+bnPyuh4wzc9f0g+5scTQK4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724146157; c=relaxed/simple; bh=W5qoVQM4JKqZ+hAvap7h2Xzc2IUO10iAg65FAQI5HXc=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; b=HC8u57VuH6ouF2zyNyRguIAhWCKHQUFKH7NqUHvAIPGgUP+/tCwlMKQ9WYaL588w7ZTPoCyUGQwLBsOI2YUHoxhiCrt/ECv5yOeubmp/35A+xHt8ji6gIcS0IYbA6HrlOWMKShzMER4JFi5u5JtvoZxw18pvvf4F6nkjG+cy8d4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com; spf=pass smtp.mailfrom=vivo.com; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b=WCQCXYsM; arc=fail smtp.client-ip=40.107.215.86 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=vivo.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=vivo.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=vivo.com header.i=@vivo.com header.b="WCQCXYsM" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Cg+jyg3XZKwk+OdwnXvGgj8z+x5QoSWg+ImrfEaRHyki2sWittQplV2jyNWNvVQ05ca/tL21i/3TtsuyQlcF/HZTGsEHnD679QOaWby2ya3PCFteQMOseDzwlt32429OMkrE9IxL4Vt5yag7rzLW65gtCZSme0TjQUzCKNTaWofibWOCAv8RjYAD0+ANKZSBXLQ8o7syp/KSlcJ7riXf2mdJKWCrhuQl4HMh+AukCTiYes4oYeYi8hCgEIIGmyS5PHFp4KBjU9cwCnOLXD2WpE2TpWDHWBccEz1Iyb9jN3aJJIDLNs78gIA7xM0XWLPM0xJVCwaWW78eZGdFTGjRKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=W5qoVQM4JKqZ+hAvap7h2Xzc2IUO10iAg65FAQI5HXc=; b=Wbgox81tUz+LR2X91mWxPYXss/urVmFqpgM9LRnSRPSELEFHd04kFC0GsEfl1itLBOffzYXntOXWFqoMmApDTvQGuBBnXjGbhms1j0gM8M3Y5Oa7ZJ6r56mf8iLs384prOc3LtUiPTiKs7sqXsH8S1cTVcQoBmennkRf7vl7I3dK9fFKDAhkbU206P+YQZziWVF9xwzhcHebSrGRqOhoL8W//Pb5JA56+3MIe4kkEkkuY7EqbzLaNycnhvlgce5k7HPzuzDyPNuBqlR/qGLLvvJdXSKK/ke/wmab8DheRBOXu7/atCtRygF+vn/Ui8qTZve4orneFq334+yjNXSj7g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vivo.com; dmarc=pass action=none header.from=vivo.com; dkim=pass header.d=vivo.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vivo.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W5qoVQM4JKqZ+hAvap7h2Xzc2IUO10iAg65FAQI5HXc=; b=WCQCXYsMRyBqV3BSznGF03HZhjakVo7pdfHef5dg0DQ2z4+XL/RqhYe1aXov9T971zqUr6WBEtMsHwVh7nFkJZI7u0zulYUAN39ozjdqWZrEipElZ+IHdPzreCxyiERiLxH4qq0AARwccmeS2M0cDyoYWoTlerMNVqzpZdnzKc4APaciwwR5Ia/hMwK9/bqZmIC5akXli+feniIlIt8Yla8gki/B+UaGGcvw5ejKmMg5aaiFsdDVyqNW6aCwFT+NZRwUbo9lv6DGsLAMCQZOu9Flxt4ZTWvXspbzFX4j1SzlynGLyY0xQnhnyksJbSuY8MQBY9DiJf+jSJ1g0nZPYQ== Received: from PUZPR06MB6224.apcprd06.prod.outlook.com (2603:1096:301:116::8) by SEZPR06MB7226.apcprd06.prod.outlook.com (2603:1096:101:234::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21; Tue, 20 Aug 2024 09:29:06 +0000 Received: from PUZPR06MB6224.apcprd06.prod.outlook.com ([fe80::d489:3d1:904e:8b73]) by PUZPR06MB6224.apcprd06.prod.outlook.com ([fe80::d489:3d1:904e:8b73%3]) with mapi id 15.20.7875.023; Tue, 20 Aug 2024 09:29:05 +0000 From: =?utf-8?b?6IOh6L+e5Yuk?= To: "gregkh@linuxfoundation.org" CC: "quic_prashk@quicinc.com" , "quic_jjohnson@quicinc.com" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , opensource.kernel , "akpm@linux-foundation.org" , Michael Nazzareno Trimarchi Subject: [PATCH v2] usb: gadget: u_serial: check Null pointer in EP callback Thread-Topic: [PATCH v2] usb: gadget: u_serial: check Null pointer in EP callback Thread-Index: Adry4ybSh1NbXw2tRg+lDnWYwqiqIw== Date: Tue, 20 Aug 2024 09:29:05 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vivo.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PUZPR06MB6224:EE_|SEZPR06MB7226:EE_ x-ms-office365-filtering-correlation-id: eb295d4d-c9e1-4b9f-2b14-08dcc0fa893d x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; ARA:13230040|366016|1800799024|376014|38070700018; x-microsoft-antispam-message-info: =?utf-8?q?8knCbsp+6GT/9pR7HS6QMlDMe64yfeS?= =?utf-8?q?9ccv3F5VhCOSigZ2oBkF1ERIfsDL2ks1BTWE/eCjlKYIKg+qo3izSn3r3KCpSGmLI?= =?utf-8?q?V/5SJsn32m0pEu2BdQagvfj4J6xN1dMUcYTs4WX7/ZWtzPxfWg2N4kOZbLDWepcyJ?= =?utf-8?q?/kTEFv2c1oqZFTfynNy/iklw4HSPKSnGJlJdLhWiow2OQN8F3XFkTp83hrTfdJeuZ?= =?utf-8?q?4gFVbh8ApG3Yfijcnvjtq5MN8ip6Ht7kTvl7t3e81em5A9W3S5Wfq7AK0/9n6MwLQ?= =?utf-8?q?eo6lAxtqznsNKxfD45wz8Y5H2fK4X+AiExUPCWkA2zsa7XQ7ih19oVboGjJPsyRVw?= =?utf-8?q?XrG8anS8qLTP8FBGG3TWRTaKfZl4oQkgWR/Nwkeb1gR/NpJLQ7c9J8lBZeXm72/pt?= =?utf-8?q?S24DsoXSYlgiFPqXEt79o3VPebI0NZXM3Biaz5kU6N7w2fbnJbZRlFW7hAtA1G9Qn?= =?utf-8?q?pA/OItcCHJGIX3TsTAjNeGSWDhxhLMRVmvzLlCop+zKV72iZln0k3HxubWvudW/Ql?= =?utf-8?q?6tU9U9jhJ3rnzIlXdhqGMkEjBc64u2T5SPZGW1gm23Hf6Mr6l/nB+PDrNB9V7kfj1?= =?utf-8?q?WgrQ/t5FuRCVoUJTG48i/oKvOL9nh4FZzrg3ZSxy9s/+7oxgNTVubYZGckA1AMxDl?= =?utf-8?q?bP2wSwwoukCAdBPMdkpEZiy9Yvf4Qp4QXiR9NOU+3QHP1NGauG7jPjoDtIEqCbOOG?= =?utf-8?q?G0vTOWyCQycjuAoaYjOzJKa6egg17sondS3sue/01Rc/xPJk4KPPYC2e7V9fCu7GW?= =?utf-8?q?lu+lnr9d+1GjzvHpQx+zkNL7x7qNTj9so+nMxMFpzbt9Gt/YnUk3R390cRun8i8bS?= =?utf-8?q?G9i+kOxxHW4utdEYoEFfNXU3AfWCTBj1Z9TOW9ij2FaqWjR8t21C3yEXO5DVQfBvw?= =?utf-8?q?RQMZ9ZL4Ja2ryYovF7yM0c9THldwPLC/eyITwhdZz1DO2+cnuuH8OZL0Gp4va6WG0?= =?utf-8?q?11iYm0lXHEcXoHl7ZNmtypOC6nTFsv7t5HvCQljxV3kBvHLXhrDld8IRvyfhljhxs?= =?utf-8?q?Nsmc7GqBpHVZ6qCufGen4eSwF6B+vZa+KHGSd22OVXRh/LdhJulBD64LyU6f6Yo/S?= =?utf-8?q?+4qXyC6+50gesPcyVmagVA2iXbBbx2GguT8svMdOMDP+hiigfTxCzsNzVBWnkSOIM?= =?utf-8?q?pX1fAJIjp8+h3ug2l4mRJmL27XPB2Z3DoB1LiBIpEflVF3JVE+F7GWtUVahCN3g0i?= =?utf-8?q?odfJ75xKjz//CtOqyy8MNanNTDT89kKloUZSmiwmPLKfs41Z7NRWxqk2ZkQPHCK0i?= =?utf-8?q?Sa3o6oxJruJLo520/64aTqfkcGHKl24qD2ETh3lGQzbjKsMUqFVFjLpqqmbGpOfFs?= =?utf-8?q?EzGvMKsLQOrCrWxjuT7Eyy7WfgO1VRYOhw=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:zh-cn; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PUZPR06MB6224.apcprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(366016)(1800799024)(376014)(38070700018); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?8ez3p4X5Xz5LUr3/mHaSAH1eMgVM?= =?utf-8?q?tQmObijBCnNnz6xI77u9CXb/lQtCvqAaTrF5fKULUvUZQK2nWNq7a00kkzMJUyg1m?= =?utf-8?q?DqWN7aqKjeQCABkM3q36AjmWB7Pei6BlLIV9C0yOBUInbrCar2cecmFsIdjj1HhNv?= =?utf-8?q?iqYTZ7x92u0Gd+Bm6N/JsQd1tY8bZyGEkf1AE/RxYZwO5O9p9Veu7NLEIV52NMRYa?= =?utf-8?q?xtVNn3P+X4vibpD1BM9Yn0X+Int5n4RKP9l/TTqXKgezz23lUZiPjTNYN573GtgDK?= =?utf-8?q?K1maN7w3Heguxe02BSp0BJEiGw/+7Ab81jMD2Ja6STxHe3muQ15ALP8ybVeVjW0eg?= =?utf-8?q?vPFezllkqTAdM4uqnW791ykm1MhnV/uC3yp9og64zsodxRXwDDok0MCMS3+cN73nL?= =?utf-8?q?YGcaBekUk4vWBtvAgSWLxXjuMMj3+q6GDR8sT21/zKKhoi00c7wGZE+K3XFGSWAvJ?= =?utf-8?q?cYC9eBQwzMWKAzK1xMXZU0GeNVLBQL2RGm67K4CHL9Aaua6kO5ZyBRHtUf+cFBJN+?= =?utf-8?q?ZXgerYU7cCcty47DKyfbhnYdC19Vouf6IaPJFb6vz59w5ozWbM53am/xzTwkWt0mJ?= =?utf-8?q?5gCwDt4CaThGLUbhvsmZb6/k4MvRiOzUTM6DM61VNo059gQAMomR1kjuOq3EVY5BH?= =?utf-8?q?jPbLP/yhHCS6Roh/H9a47UN3+H5pIJ8YruIeJKvTBL416F8Ecaf9ux9KfyULMJ5oY?= =?utf-8?q?UH8lVu926zAG9zkPOkjHV4RcKVuaehFrBTMfi1KNuTc7qu5aqQu6SK9Ifx7YXIA+L?= =?utf-8?q?F23XqcLKDP8Sf9oqt3ktpU/VLiswwPqY6a75SQeYl91HkhFpBOl2qjUAVQuWNWawr?= =?utf-8?q?G0B2kjepZaXfyjrt+xhi4WpoRnjcXjNZHB7EiNaP8b4v7FsiJx3ne6x6FGSf/qS2b?= =?utf-8?q?XhMnezcpBDF6syA7yUaKexJSjwZOzGPqcrzp0EgJslqN2to2tm+gdmMUlHV64iMXw?= =?utf-8?q?Q5dqVornx8WfO7QxVfe8fO3hF/nNOzKoPMC7xybgTbiyUJH5ROVehgtmLAuS2qiTs?= =?utf-8?q?jYFZvYwuzd5Hvm8afe+Ue6aSVofkdorK61YT1smOLK15DTvganndyEb4HjqutanT2?= =?utf-8?q?whVL1NxQFm6nXBs5adN5yAbSbGOTBPIUnVUW84KF7DVDOuQj7UESz7agXiu5X6GFo?= =?utf-8?q?hU3LW1KzHmLkJ0OAszt2dsI6RwZvSq856X0AlpmgCQOjYCs/6e7oR9UwqI6mq+lBw?= =?utf-8?q?q9bKi06m8Tnte9OLtrt+97elUBSSlzgIv240V6cxjcfPO1KaSlhviMByOxvqu0tEM?= =?utf-8?q?k0XR5otJL6SWb66I12V4GacfE4Xvat2cLksQnr61Y1Gey7c6VVAOAnS4V+CgWWAFI?= =?utf-8?q?nwl+UDQ6rAtV3KXrf37asMQIMj/C68xuyqs4Ofwc/1R7Yz0L0N+RirLf7RO2OGFT7?= =?utf-8?q?zQXpMqeXiIGiDL29J8wexvRiDwHbCf+wJ9xpH2fWdItxNFdA9vGx8fY3lTf2HrQHw?= =?utf-8?q?SCCPhSHvrHEs9pblZ4UlIQz5Ux5YTPP4bg/u24sDVUesIFUFWxmFotFY=3D?= Precedence: bulk X-Mailing-List: linux-usb@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-OriginatorOrg: vivo.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PUZPR06MB6224.apcprd06.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: eb295d4d-c9e1-4b9f-2b14-08dcc0fa893d X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Aug 2024 09:29:05.6317 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 923e42dc-48d5-4cbe-b582-1a797a6412ed X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: nYP8mjNQSRGzX68b3j+4x/QDN6L71zizS9+XxMUjr4bAdjqYFyd36cfPbdO7i21EGbAa6mY35f3Suk5p0aKpOw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR06MB7226 From: Lianqin Hu Added null pointer check to avoid system crash. Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a8 pc : gs_read_complete+0x58/0x240 lr : usb_gadget_giveback_request+0x40/0x160 sp : ffffffc00f1539c0 x29: ffffffc00f1539c0 x28: ffffff8002a30000 x27: 0000000000000000 x26: ffffff8002a30000 x25: 0000000000000000 x24: ffffff8002a30000 x23: ffffff8002ff9a70 x22: ffffff898e7a7b00 x21: ffffff803c9af9d8 x20: ffffff898e7a7b00 x19: 00000000000001a8 x18: ffffffc0099fd098 x17: 0000000000001000 x16: 0000000080000000 x15: 0000000ac1200000 x14: 0000000000000003 x13: 000000000000d5e8 x12: 0000000355c314ac x11: 0000000000000015 x10: 0000000000000012 x9 : 0000000000000008 x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffff887cd12000 x5 : 0000000000000002 x4 : ffffffc00f9b07f0 x3 : ffffffc00f1538d0 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000001a8 Call trace: gs_read_complete+0x58/0x240 usb_gadget_giveback_request+0x40/0x160 dwc3_remove_requests+0x170/0x484 dwc3_ep0_out_start+0xb0/0x1d4 __dwc3_gadget_start+0x25c/0x720 kretprobe_trampoline.cfi_jt+0x0/0x8 kretprobe_trampoline.cfi_jt+0x0/0x8 udc_bind_to_driver+0x1d8/0x300 usb_gadget_probe_driver+0xa8/0x1dc gadget_dev_desc_UDC_store+0x13c/0x188 configfs_write_iter+0x160/0x1f4 vfs_write+0x2d0/0x40c ksys_write+0x7c/0xf0 __arm64_sys_write+0x20/0x30 invoke_syscall+0x60/0x150 el0_svc_common+0x8c/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec el0t_64_sync+0x1b4/0x1b8 Code: aa1f03e1 aa1303e0 52800022 2a0103e8 (88e87e62) ---[ end trace 938847327a739172 ]--- Kernel panic - not syncing: Oops: Fatal exception Signed-off-by: Lianqin Hu --- v2: - Optimize code comments - Delete log printing --- drivers/usb/gadget/function/u_serial.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) + /* When port is NULL, return to avoid panic. */ + if (!port) + return; + spin_lock(&port->port_lock); list_add(&req->list, &port->write_pool); port->write_started--; diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index b394105e55d6..65637d53bf02 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -454,6 +454,14 @@ static void gs_read_complete(struct usb_ep *ep, struct usb_request *req) { struct gs_port *port = ep->driver_data; + /* When port is NULL, return to avoid panic. */ + if (!port) + return; + /* Queue all received data until the tty layer is ready for it. */ spin_lock(&port->port_lock); list_add_tail(&req->list, &port->read_queue); @@ -465,6 +473,14 @@ static void gs_write_complete(struct usb_ep *ep, struct usb_request *req) { struct gs_port *port = ep->driver_data;