* [PATCH 0/2] musb fixes for v5.5-rc2 @ 2019-12-10 16:54 Bin Liu 2019-12-10 16:54 ` [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev Bin Liu 2019-12-10 16:54 ` [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() Bin Liu 0 siblings, 2 replies; 11+ messages in thread From: Bin Liu @ 2019-12-10 16:54 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: linux-usb Hi Greg, Here are couple patches for musb fixes for v5.5 -rc. Please let me know if any change is needed. Regards, -Bin. --- Jia-Ju Bai (1): usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() Mans Rullgard (1): usb: musb: sunxi: propagate devicetree node to glue pdev drivers/usb/musb/musb_core.c | 3 ++- drivers/usb/musb/sunxi.c | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) -- 2.17.1 ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev 2019-12-10 16:54 [PATCH 0/2] musb fixes for v5.5-rc2 Bin Liu @ 2019-12-10 16:54 ` Bin Liu 2019-12-11 8:05 ` Greg Kroah-Hartman 2019-12-10 16:54 ` [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() Bin Liu 1 sibling, 1 reply; 11+ messages in thread From: Bin Liu @ 2019-12-10 16:54 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: linux-usb From: Mans Rullgard <mans@mansr.com> In order for devicetree nodes to be correctly associated with attached devices, the controller node needs to be propagated to the glue device. Signed-off-by: Mans Rullgard <mans@mansr.com> Signed-off-by: Bin Liu <b-liu@ti.com> --- drivers/usb/musb/sunxi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/musb/sunxi.c b/drivers/usb/musb/sunxi.c index 832a41f9ee7d..a72665fbf111 100644 --- a/drivers/usb/musb/sunxi.c +++ b/drivers/usb/musb/sunxi.c @@ -781,6 +781,8 @@ static int sunxi_musb_probe(struct platform_device *pdev) pinfo.name = "musb-hdrc"; pinfo.id = PLATFORM_DEVID_AUTO; pinfo.parent = &pdev->dev; + pinfo.fwnode = of_fwnode_handle(pdev->dev.of_node); + pinfo.of_node_reused = true; pinfo.res = pdev->resource; pinfo.num_res = pdev->num_resources; pinfo.data = &pdata; -- 2.17.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev 2019-12-10 16:54 ` [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev Bin Liu @ 2019-12-11 8:05 ` Greg Kroah-Hartman 2019-12-11 8:49 ` Johan Hovold 0 siblings, 1 reply; 11+ messages in thread From: Greg Kroah-Hartman @ 2019-12-11 8:05 UTC (permalink / raw) To: Bin Liu; +Cc: linux-usb On Tue, Dec 10, 2019 at 10:54:53AM -0600, Bin Liu wrote: > From: Mans Rullgard <mans@mansr.com> > > In order for devicetree nodes to be correctly associated with attached > devices, the controller node needs to be propagated to the glue device. > > Signed-off-by: Mans Rullgard <mans@mansr.com> > Signed-off-by: Bin Liu <b-liu@ti.com> > --- > drivers/usb/musb/sunxi.c | 2 ++ > 1 file changed, 2 insertions(+) Does this need to go to stable kernel(s)? If so, what commit does this fix fix? thanks, greg k-h ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev 2019-12-11 8:05 ` Greg Kroah-Hartman @ 2019-12-11 8:49 ` Johan Hovold 2019-12-11 8:51 ` Greg Kroah-Hartman 0 siblings, 1 reply; 11+ messages in thread From: Johan Hovold @ 2019-12-11 8:49 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: Bin Liu, linux-usb On Wed, Dec 11, 2019 at 09:05:28AM +0100, Greg Kroah-Hartman wrote: > On Tue, Dec 10, 2019 at 10:54:53AM -0600, Bin Liu wrote: > > From: Mans Rullgard <mans@mansr.com> > > > > In order for devicetree nodes to be correctly associated with attached > > devices, the controller node needs to be propagated to the glue device. > > > > Signed-off-by: Mans Rullgard <mans@mansr.com> > > Signed-off-by: Bin Liu <b-liu@ti.com> > > --- > > drivers/usb/musb/sunxi.c | 2 ++ > > 1 file changed, 2 insertions(+) > > Does this need to go to stable kernel(s)? If so, what commit does this > fix fix? No, I'd say it's a new feature. Johan ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev 2019-12-11 8:49 ` Johan Hovold @ 2019-12-11 8:51 ` Greg Kroah-Hartman 2019-12-11 8:53 ` Johan Hovold 0 siblings, 1 reply; 11+ messages in thread From: Greg Kroah-Hartman @ 2019-12-11 8:51 UTC (permalink / raw) To: Johan Hovold; +Cc: Bin Liu, linux-usb On Wed, Dec 11, 2019 at 09:49:35AM +0100, Johan Hovold wrote: > On Wed, Dec 11, 2019 at 09:05:28AM +0100, Greg Kroah-Hartman wrote: > > On Tue, Dec 10, 2019 at 10:54:53AM -0600, Bin Liu wrote: > > > From: Mans Rullgard <mans@mansr.com> > > > > > > In order for devicetree nodes to be correctly associated with attached > > > devices, the controller node needs to be propagated to the glue device. > > > > > > Signed-off-by: Mans Rullgard <mans@mansr.com> > > > Signed-off-by: Bin Liu <b-liu@ti.com> > > > --- > > > drivers/usb/musb/sunxi.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > Does this need to go to stable kernel(s)? If so, what commit does this > > fix fix? > > No, I'd say it's a new feature. Then why is it needed for 5.5-final and not for 5.6-rc1? thanks, greg k-h ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev 2019-12-11 8:51 ` Greg Kroah-Hartman @ 2019-12-11 8:53 ` Johan Hovold 0 siblings, 0 replies; 11+ messages in thread From: Johan Hovold @ 2019-12-11 8:53 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: Johan Hovold, Bin Liu, linux-usb On Wed, Dec 11, 2019 at 09:51:22AM +0100, Greg Kroah-Hartman wrote: > On Wed, Dec 11, 2019 at 09:49:35AM +0100, Johan Hovold wrote: > > On Wed, Dec 11, 2019 at 09:05:28AM +0100, Greg Kroah-Hartman wrote: > > > On Tue, Dec 10, 2019 at 10:54:53AM -0600, Bin Liu wrote: > > > > From: Mans Rullgard <mans@mansr.com> > > > > > > > > In order for devicetree nodes to be correctly associated with attached > > > > devices, the controller node needs to be propagated to the glue device. > > > > > > > > Signed-off-by: Mans Rullgard <mans@mansr.com> > > > > Signed-off-by: Bin Liu <b-liu@ti.com> > > > > --- > > > > drivers/usb/musb/sunxi.c | 2 ++ > > > > 1 file changed, 2 insertions(+) > > > > > > Does this need to go to stable kernel(s)? If so, what commit does this > > > fix fix? > > > > No, I'd say it's a new feature. > > Then why is it needed for 5.5-final and not for 5.6-rc1? Right, it shouldn't be needed in 5.5. Johan ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() 2019-12-10 16:54 [PATCH 0/2] musb fixes for v5.5-rc2 Bin Liu 2019-12-10 16:54 ` [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev Bin Liu @ 2019-12-10 16:54 ` Bin Liu 2019-12-11 8:09 ` Greg Kroah-Hartman 1 sibling, 1 reply; 11+ messages in thread From: Bin Liu @ 2019-12-10 16:54 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: linux-usb From: Jia-Ju Bai <baijiaju1990@gmail.com> In musb_handle_intr_connect(), there is an if statement on line 783 to check whether musb->hcd is NULL: if (musb->hcd) When musb->hcd is NULL, it is used on line 797: musb_host_poke_root_hub(musb); if (musb->hcd->status_urb) Thus, a possible null-pointer dereference may occur. To fix this bug, musb->hcd is checked before calling musb_host_poke_root_hub(). This bug is found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by: Bin Liu <b-liu@ti.com> --- drivers/usb/musb/musb_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c index 15cca912c53e..5080fc6a0808 100644 --- a/drivers/usb/musb/musb_core.c +++ b/drivers/usb/musb/musb_core.c @@ -794,7 +794,8 @@ static void musb_handle_intr_connect(struct musb *musb, u8 devctl, u8 int_usb) break; } - musb_host_poke_root_hub(musb); + if (musb->hcd) + musb_host_poke_root_hub(musb); musb_dbg(musb, "CONNECT (%s) devctl %02x", usb_otg_state_string(musb->xceiv->otg->state), devctl); -- 2.17.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() 2019-12-10 16:54 ` [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() Bin Liu @ 2019-12-11 8:09 ` Greg Kroah-Hartman 2019-12-11 9:10 ` Jia-Ju Bai 0 siblings, 1 reply; 11+ messages in thread From: Greg Kroah-Hartman @ 2019-12-11 8:09 UTC (permalink / raw) To: Jia-Ju Bai, Bin Liu; +Cc: linux-usb On Tue, Dec 10, 2019 at 10:54:54AM -0600, Bin Liu wrote: > From: Jia-Ju Bai <baijiaju1990@gmail.com> > > In musb_handle_intr_connect(), there is an if statement on line 783 to > check whether musb->hcd is NULL: > if (musb->hcd) > > When musb->hcd is NULL, it is used on line 797: > musb_host_poke_root_hub(musb); > if (musb->hcd->status_urb) > > Thus, a possible null-pointer dereference may occur. Maybe, if musb->hcd really ever could be NULL. In looking at the code, I don't see where that could happen, do you? Why is that check there in the first place? What sets musb->hcd to NULL in the first place? thanks, greg k-h ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() 2019-12-11 8:09 ` Greg Kroah-Hartman @ 2019-12-11 9:10 ` Jia-Ju Bai 2019-12-11 9:20 ` Greg Kroah-Hartman 0 siblings, 1 reply; 11+ messages in thread From: Jia-Ju Bai @ 2019-12-11 9:10 UTC (permalink / raw) To: Greg Kroah-Hartman, Bin Liu; +Cc: linux-usb On 2019/12/11 16:09, Greg Kroah-Hartman wrote: > On Tue, Dec 10, 2019 at 10:54:54AM -0600, Bin Liu wrote: >> From: Jia-Ju Bai <baijiaju1990@gmail.com> >> >> In musb_handle_intr_connect(), there is an if statement on line 783 to >> check whether musb->hcd is NULL: >> if (musb->hcd) >> >> When musb->hcd is NULL, it is used on line 797: >> musb_host_poke_root_hub(musb); >> if (musb->hcd->status_urb) >> >> Thus, a possible null-pointer dereference may occur. > Maybe, if musb->hcd really ever could be NULL. > > In looking at the code, I don't see where that could happen, do you? > Why is that check there in the first place? > > What sets musb->hcd to NULL in the first place? In fact, my static analysis tool identifies an if check about musb->hcd, so it infers that musb->hcd could be NULL here. But it does not try to find any explicit place that set musb->hcd to NULL. If musb->hcd is never NULL here, we can just delete the related if check. Best wishes, Jia-Ju Bai ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() 2019-12-11 9:10 ` Jia-Ju Bai @ 2019-12-11 9:20 ` Greg Kroah-Hartman 2019-12-17 8:26 ` Jia-Ju Bai 0 siblings, 1 reply; 11+ messages in thread From: Greg Kroah-Hartman @ 2019-12-11 9:20 UTC (permalink / raw) To: Jia-Ju Bai; +Cc: Bin Liu, linux-usb On Wed, Dec 11, 2019 at 05:10:17PM +0800, Jia-Ju Bai wrote: > > > On 2019/12/11 16:09, Greg Kroah-Hartman wrote: > > On Tue, Dec 10, 2019 at 10:54:54AM -0600, Bin Liu wrote: > > > From: Jia-Ju Bai <baijiaju1990@gmail.com> > > > > > > In musb_handle_intr_connect(), there is an if statement on line 783 to > > > check whether musb->hcd is NULL: > > > if (musb->hcd) > > > > > > When musb->hcd is NULL, it is used on line 797: > > > musb_host_poke_root_hub(musb); > > > if (musb->hcd->status_urb) > > > > > > Thus, a possible null-pointer dereference may occur. > > Maybe, if musb->hcd really ever could be NULL. > > > > In looking at the code, I don't see where that could happen, do you? > > Why is that check there in the first place? > > > > What sets musb->hcd to NULL in the first place? > > In fact, my static analysis tool identifies an if check about musb->hcd, so > it infers that musb->hcd could be NULL here. > But it does not try to find any explicit place that set musb->hcd to NULL. Can it do that? > If musb->hcd is never NULL here, we can just delete the related if check. I agree :) thanks, greg k-h ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() 2019-12-11 9:20 ` Greg Kroah-Hartman @ 2019-12-17 8:26 ` Jia-Ju Bai 0 siblings, 0 replies; 11+ messages in thread From: Jia-Ju Bai @ 2019-12-17 8:26 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: Bin Liu, linux-usb On 2019/12/11 17:20, Greg Kroah-Hartman wrote: > On Wed, Dec 11, 2019 at 05:10:17PM +0800, Jia-Ju Bai wrote: >> >> On 2019/12/11 16:09, Greg Kroah-Hartman wrote: >>> On Tue, Dec 10, 2019 at 10:54:54AM -0600, Bin Liu wrote: >>>> From: Jia-Ju Bai <baijiaju1990@gmail.com> >>>> >>>> In musb_handle_intr_connect(), there is an if statement on line 783 to >>>> check whether musb->hcd is NULL: >>>> if (musb->hcd) >>>> >>>> When musb->hcd is NULL, it is used on line 797: >>>> musb_host_poke_root_hub(musb); >>>> if (musb->hcd->status_urb) >>>> >>>> Thus, a possible null-pointer dereference may occur. >>> Maybe, if musb->hcd really ever could be NULL. >>> >>> In looking at the code, I don't see where that could happen, do you? >>> Why is that check there in the first place? >>> >>> What sets musb->hcd to NULL in the first place? >> In fact, my static analysis tool identifies an if check about musb->hcd, so >> it infers that musb->hcd could be NULL here. >> But it does not try to find any explicit place that set musb->hcd to NULL. > Can it do that? Not yet... > >> If musb->hcd is never NULL here, we can just delete the related if check. > I agree :) Okay, I will send a new patch that delete the if check. Best wishes, Jia-Ju Bai ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2019-12-17 8:26 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-12-10 16:54 [PATCH 0/2] musb fixes for v5.5-rc2 Bin Liu 2019-12-10 16:54 ` [PATCH 1/2] usb: musb: sunxi: propagate devicetree node to glue pdev Bin Liu 2019-12-11 8:05 ` Greg Kroah-Hartman 2019-12-11 8:49 ` Johan Hovold 2019-12-11 8:51 ` Greg Kroah-Hartman 2019-12-11 8:53 ` Johan Hovold 2019-12-10 16:54 ` [PATCH 2/2] usb: musb: Fix a possible null-pointer dereference in musb_handle_intr_connect() Bin Liu 2019-12-11 8:09 ` Greg Kroah-Hartman 2019-12-11 9:10 ` Jia-Ju Bai 2019-12-11 9:20 ` Greg Kroah-Hartman 2019-12-17 8:26 ` Jia-Ju Bai
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).