* [RFC PATCH 0/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null
@ 2013-03-08 12:53 oskar.andero
2013-03-08 12:53 ` [RFC PATCH 1/1] " oskar.andero
0 siblings, 1 reply; 6+ messages in thread
From: oskar.andero @ 2013-03-08 12:53 UTC (permalink / raw)
To: linux-kernel, linux-usb
Cc: Greg Kroah-Hartman, Felipe Balbi, Truls Bengtsson,
Radovan Lekanovic, Oskar Andero
Hi,
When going through our patches to be mainlined I stumbled on this one which
we have fixed in many different ways internally.
The problem is a NULL pointer dereference that can be triggered by disconnecting
the USB cable at a specific time.
Before submitting the final patch I would like to hear which solution you'd
prefer. As I see it there are four different ways to fix the problem:
1) Remove the ERROR() call completely.
2) Add an if-statement on cdev in rndis_response_complete() and use pr_err() or
ERROR().
3) Globally update the ERROR() macro to handle the case where cdev is null.
4) Use the attached patch (RFC PATCH 1/1) where ERROR() is simply replaced with pr_err().
Thanks!
-Oskar
Truls Bengtsson (1):
usb: f_rndis: Avoid to use ERROR macro if cdev can be null
drivers/usb/gadget/f_rndis.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--
1.7.8.6
^ permalink raw reply [flat|nested] 6+ messages in thread
* [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null
2013-03-08 12:53 [RFC PATCH 0/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null oskar.andero
@ 2013-03-08 12:53 ` oskar.andero
2013-03-08 19:56 ` Sergei Shtylyov
0 siblings, 1 reply; 6+ messages in thread
From: oskar.andero @ 2013-03-08 12:53 UTC (permalink / raw)
To: linux-kernel, linux-usb
Cc: Greg Kroah-Hartman, Felipe Balbi, Truls Bengtsson,
Radovan Lekanovic, Oskar Andero
From: Truls Bengtsson <truls.bengtsson@sonymobile.com>
The udc_irq service runs the isr_tr_complete_handler which in turn
"nukes" the endpoints, including a call to rndis_response_complete,
if appropriate. If the rndis_msg_parser fails here, an error will
be printed using a dev_err call (through the ERROR() macro).
However, if the usb cable was just disconnected the device (cdev)
might not be available and will be null. Since the dev_err macro will
dereference the cdev pointer we get a null pointer exception.
Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com>
Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com>
Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com>
---
drivers/usb/gadget/f_rndis.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
index 71beeb8..41b5ebd 100644
--- a/drivers/usb/gadget/f_rndis.c
+++ b/drivers/usb/gadget/f_rndis.c
@@ -6,6 +6,7 @@
* Copyright (C) 2008 Nokia Corporation
* Copyright (C) 2009 Samsung Electronics
* Author: Michal Nazarewicz (mina86@mina86.com)
+ * Copyright (C) 2013 Sony Mobile Communications AB.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -447,14 +448,13 @@ static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req)
static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req)
{
struct f_rndis *rndis = req->context;
- struct usb_composite_dev *cdev = rndis->port.func.config->cdev;
int status;
/* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */
// spin_lock(&dev->lock);
status = rndis_msg_parser(rndis->config, (u8 *) req->buf);
if (status < 0)
- ERROR(cdev, "RNDIS command error %d, %d/%d\n",
+ pr_err("RNDIS command error %d, %d/%d\n",
status, req->actual, req->length);
// spin_unlock(&dev->lock);
}
--
1.7.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null
2013-03-08 12:53 ` [RFC PATCH 1/1] " oskar.andero
@ 2013-03-08 19:56 ` Sergei Shtylyov
2013-03-08 20:16 ` Greg Kroah-Hartman
0 siblings, 1 reply; 6+ messages in thread
From: Sergei Shtylyov @ 2013-03-08 19:56 UTC (permalink / raw)
To: oskar.andero
Cc: linux-kernel, linux-usb, Greg Kroah-Hartman, Felipe Balbi,
Truls Bengtsson, Radovan Lekanovic
Hello.
On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote:
> From: Truls Bengtsson <truls.bengtsson@sonymobile.com>
> The udc_irq service runs the isr_tr_complete_handler which in turn
> "nukes" the endpoints, including a call to rndis_response_complete,
> if appropriate. If the rndis_msg_parser fails here, an error will
> be printed using a dev_err call (through the ERROR() macro).
> However, if the usb cable was just disconnected the device (cdev)
> might not be available and will be null. Since the dev_err macro will
> dereference the cdev pointer we get a null pointer exception.
> Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com>
> Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com>
> Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com>
> ---
> drivers/usb/gadget/f_rndis.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
> diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
> index 71beeb8..41b5ebd 100644
> --- a/drivers/usb/gadget/f_rndis.c
> +++ b/drivers/usb/gadget/f_rndis.c
> @@ -6,6 +6,7 @@
> * Copyright (C) 2008 Nokia Corporation
> * Copyright (C) 2009 Samsung Electronics
> * Author: Michal Nazarewicz (mina86@mina86.com)
> + * Copyright (C) 2013 Sony Mobile Communications AB.
Your change seems too insignificant to add a copyright.
WBR, Sergei
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null
2013-03-08 19:56 ` Sergei Shtylyov
@ 2013-03-08 20:16 ` Greg Kroah-Hartman
2013-03-18 8:28 ` oskar.andero
0 siblings, 1 reply; 6+ messages in thread
From: Greg Kroah-Hartman @ 2013-03-08 20:16 UTC (permalink / raw)
To: Sergei Shtylyov, oskar.andero, linux-kernel, linux-usb,
Felipe Balbi, Truls Bengtsson, Radovan Lekanovic
On Fri, Mar 08, 2013 at 11:56:26PM +0400, Sergei Shtylyov wrote:
> Hello.
>
> On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote:
>
> >From: Truls Bengtsson <truls.bengtsson@sonymobile.com>
>
> >The udc_irq service runs the isr_tr_complete_handler which in turn
> >"nukes" the endpoints, including a call to rndis_response_complete,
> >if appropriate. If the rndis_msg_parser fails here, an error will
> >be printed using a dev_err call (through the ERROR() macro).
>
> >However, if the usb cable was just disconnected the device (cdev)
> >might not be available and will be null. Since the dev_err macro will
> >dereference the cdev pointer we get a null pointer exception.
>
> >Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com>
> >Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com>
> >Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com>
> >---
> > drivers/usb/gadget/f_rndis.c | 4 ++--
> > 1 files changed, 2 insertions(+), 2 deletions(-)
>
> >diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
> >index 71beeb8..41b5ebd 100644
> >--- a/drivers/usb/gadget/f_rndis.c
> >+++ b/drivers/usb/gadget/f_rndis.c
> >@@ -6,6 +6,7 @@
> > * Copyright (C) 2008 Nokia Corporation
> > * Copyright (C) 2009 Samsung Electronics
> > * Author: Michal Nazarewicz (mina86@mina86.com)
> >+ * Copyright (C) 2013 Sony Mobile Communications AB.
>
> Your change seems too insignificant to add a copyright.
You are right, it legally is. Truls, please consult your company's
lawyers if you have questions about this, you can not assert copyright
over a file for a 2 line change, that's not allowed at all in any
jurisdiction I know of.
Because of that, I can not accept this change, sorry.
greg k-h
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null
2013-03-08 20:16 ` Greg Kroah-Hartman
@ 2013-03-18 8:28 ` oskar.andero
2013-03-18 15:18 ` Greg Kroah-Hartman
0 siblings, 1 reply; 6+ messages in thread
From: oskar.andero @ 2013-03-18 8:28 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Sergei Shtylyov, linux-kernel, linux-usb, Felipe Balbi,
Bengtsson, Truls, Lekanovic, Radovan
On 21:16 Fri 08 Mar , Greg Kroah-Hartman wrote:
> On Fri, Mar 08, 2013 at 11:56:26PM +0400, Sergei Shtylyov wrote:
> > Hello.
> >
> > On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote:
> >
> > >From: Truls Bengtsson <truls.bengtsson@sonymobile.com>
> >
> > >The udc_irq service runs the isr_tr_complete_handler which in turn
> > >"nukes" the endpoints, including a call to rndis_response_complete,
> > >if appropriate. If the rndis_msg_parser fails here, an error will
> > >be printed using a dev_err call (through the ERROR() macro).
> >
> > >However, if the usb cable was just disconnected the device (cdev)
> > >might not be available and will be null. Since the dev_err macro will
> > >dereference the cdev pointer we get a null pointer exception.
> >
> > >Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com>
> > >Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com>
> > >Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com>
> > >---
> > > drivers/usb/gadget/f_rndis.c | 4 ++--
> > > 1 files changed, 2 insertions(+), 2 deletions(-)
> >
> > >diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
> > >index 71beeb8..41b5ebd 100644
> > >--- a/drivers/usb/gadget/f_rndis.c
> > >+++ b/drivers/usb/gadget/f_rndis.c
> > >@@ -6,6 +6,7 @@
> > > * Copyright (C) 2008 Nokia Corporation
> > > * Copyright (C) 2009 Samsung Electronics
> > > * Author: Michal Nazarewicz (mina86@mina86.com)
> > >+ * Copyright (C) 2013 Sony Mobile Communications AB.
> >
> > Your change seems too insignificant to add a copyright.
>
> You are right, it legally is. Truls, please consult your company's
> lawyers if you have questions about this, you can not assert copyright
> over a file for a 2 line change, that's not allowed at all in any
> jurisdiction I know of.
>
> Because of that, I can not accept this change, sorry.
Thanks for your input guys and I totally agree with you! However, I was
expecting more comments on the cover-letter, or should I take it that this
solution is acceptable?
-Oskar
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null
2013-03-18 8:28 ` oskar.andero
@ 2013-03-18 15:18 ` Greg Kroah-Hartman
0 siblings, 0 replies; 6+ messages in thread
From: Greg Kroah-Hartman @ 2013-03-18 15:18 UTC (permalink / raw)
To: oskar.andero
Cc: Sergei Shtylyov, linux-kernel, linux-usb, Felipe Balbi,
Bengtsson, Truls, Lekanovic, Radovan
On Mon, Mar 18, 2013 at 09:28:07AM +0100, oskar.andero@sonymobile.com wrote:
> On 21:16 Fri 08 Mar , Greg Kroah-Hartman wrote:
> > On Fri, Mar 08, 2013 at 11:56:26PM +0400, Sergei Shtylyov wrote:
> > > Hello.
> > >
> > > On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote:
> > >
> > > >From: Truls Bengtsson <truls.bengtsson@sonymobile.com>
> > >
> > > >The udc_irq service runs the isr_tr_complete_handler which in turn
> > > >"nukes" the endpoints, including a call to rndis_response_complete,
> > > >if appropriate. If the rndis_msg_parser fails here, an error will
> > > >be printed using a dev_err call (through the ERROR() macro).
> > >
> > > >However, if the usb cable was just disconnected the device (cdev)
> > > >might not be available and will be null. Since the dev_err macro will
> > > >dereference the cdev pointer we get a null pointer exception.
> > >
> > > >Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com>
> > > >Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com>
> > > >Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com>
> > > >---
> > > > drivers/usb/gadget/f_rndis.c | 4 ++--
> > > > 1 files changed, 2 insertions(+), 2 deletions(-)
> > >
> > > >diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
> > > >index 71beeb8..41b5ebd 100644
> > > >--- a/drivers/usb/gadget/f_rndis.c
> > > >+++ b/drivers/usb/gadget/f_rndis.c
> > > >@@ -6,6 +6,7 @@
> > > > * Copyright (C) 2008 Nokia Corporation
> > > > * Copyright (C) 2009 Samsung Electronics
> > > > * Author: Michal Nazarewicz (mina86@mina86.com)
> > > >+ * Copyright (C) 2013 Sony Mobile Communications AB.
> > >
> > > Your change seems too insignificant to add a copyright.
> >
> > You are right, it legally is. Truls, please consult your company's
> > lawyers if you have questions about this, you can not assert copyright
> > over a file for a 2 line change, that's not allowed at all in any
> > jurisdiction I know of.
> >
> > Because of that, I can not accept this change, sorry.
>
> Thanks for your input guys and I totally agree with you! However, I was
> expecting more comments on the cover-letter, or should I take it that this
> solution is acceptable?
I don't remember, please resend the series after fixing the issues
pointed out.
greg k-h
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-03-18 15:17 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-03-08 12:53 [RFC PATCH 0/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null oskar.andero
2013-03-08 12:53 ` [RFC PATCH 1/1] " oskar.andero
2013-03-08 19:56 ` Sergei Shtylyov
2013-03-08 20:16 ` Greg Kroah-Hartman
2013-03-18 8:28 ` oskar.andero
2013-03-18 15:18 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).