From: Chunfeng Yun <chunfeng.yun@mediatek.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Chunfeng Yun <chunfeng.yun@mediatek.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>,
<linux-usb@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<linux-kernel@vger.kernel.org>,
Eddie Hung <eddie.hung@mediatek.com>, <stable@vger.kernel.org>,
Yuwen Ng <yuwen.ng@mediatek.com>
Subject: [PATCH v2 3/4] usb: mtu3: fix list_head check warning
Date: Sat, 18 Dec 2021 17:57:48 +0800 [thread overview]
Message-ID: <20211218095749.6250-3-chunfeng.yun@mediatek.com> (raw)
In-Reply-To: <20211218095749.6250-1-chunfeng.yun@mediatek.com>
This is caused by uninitialization of list_head.
BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4
Call trace:
dump_backtrace+0x0/0x298
show_stack+0x24/0x34
dump_stack+0x130/0x1a8
print_address_description+0x88/0x56c
__kasan_report+0x1b8/0x2a0
kasan_report+0x14/0x20
__asan_load8+0x9c/0xa0
__list_del_entry_valid+0x34/0xe4
mtu3_req_complete+0x4c/0x300 [mtu3]
mtu3_gadget_stop+0x168/0x448 [mtu3]
usb_gadget_unregister_driver+0x204/0x3a0
unregister_gadget_item+0x44/0xa4
Fixes: 83374e035b62 ("usb: mtu3: add tracepoints to help debug")
Cc: stable@vger.kernel.org
Reported-by: Yuwen Ng <yuwen.ng@mediatek.com>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
---
v2: add Fixes and Cc suggested by Greg
---
drivers/usb/mtu3/mtu3_gadget.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c
index c51be015345b..b6c8a4a99c4d 100644
--- a/drivers/usb/mtu3/mtu3_gadget.c
+++ b/drivers/usb/mtu3/mtu3_gadget.c
@@ -235,6 +235,7 @@ struct usb_request *mtu3_alloc_request(struct usb_ep *ep, gfp_t gfp_flags)
mreq->request.dma = DMA_ADDR_INVALID;
mreq->epnum = mep->epnum;
mreq->mep = mep;
+ INIT_LIST_HEAD(&mreq->list);
trace_mtu3_alloc_request(mreq);
return &mreq->request;
--
2.18.0
WARNING: multiple messages have this Message-ID (diff)
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Chunfeng Yun <chunfeng.yun@mediatek.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>,
<linux-usb@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<linux-kernel@vger.kernel.org>,
"Eddie Hung" <eddie.hung@mediatek.com>, <stable@vger.kernel.org>,
Yuwen Ng <yuwen.ng@mediatek.com>
Subject: [PATCH v2 3/4] usb: mtu3: fix list_head check warning
Date: Sat, 18 Dec 2021 17:57:48 +0800 [thread overview]
Message-ID: <20211218095749.6250-3-chunfeng.yun@mediatek.com> (raw)
In-Reply-To: <20211218095749.6250-1-chunfeng.yun@mediatek.com>
This is caused by uninitialization of list_head.
BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4
Call trace:
dump_backtrace+0x0/0x298
show_stack+0x24/0x34
dump_stack+0x130/0x1a8
print_address_description+0x88/0x56c
__kasan_report+0x1b8/0x2a0
kasan_report+0x14/0x20
__asan_load8+0x9c/0xa0
__list_del_entry_valid+0x34/0xe4
mtu3_req_complete+0x4c/0x300 [mtu3]
mtu3_gadget_stop+0x168/0x448 [mtu3]
usb_gadget_unregister_driver+0x204/0x3a0
unregister_gadget_item+0x44/0xa4
Fixes: 83374e035b62 ("usb: mtu3: add tracepoints to help debug")
Cc: stable@vger.kernel.org
Reported-by: Yuwen Ng <yuwen.ng@mediatek.com>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
---
v2: add Fixes and Cc suggested by Greg
---
drivers/usb/mtu3/mtu3_gadget.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c
index c51be015345b..b6c8a4a99c4d 100644
--- a/drivers/usb/mtu3/mtu3_gadget.c
+++ b/drivers/usb/mtu3/mtu3_gadget.c
@@ -235,6 +235,7 @@ struct usb_request *mtu3_alloc_request(struct usb_ep *ep, gfp_t gfp_flags)
mreq->request.dma = DMA_ADDR_INVALID;
mreq->epnum = mep->epnum;
mreq->mep = mep;
+ INIT_LIST_HEAD(&mreq->list);
trace_mtu3_alloc_request(mreq);
return &mreq->request;
--
2.18.0
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
WARNING: multiple messages have this Message-ID (diff)
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Chunfeng Yun <chunfeng.yun@mediatek.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
Felipe Balbi <felipe.balbi@linux.intel.com>,
<linux-usb@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-mediatek@lists.infradead.org>,
<linux-kernel@vger.kernel.org>,
"Eddie Hung" <eddie.hung@mediatek.com>, <stable@vger.kernel.org>,
Yuwen Ng <yuwen.ng@mediatek.com>
Subject: [PATCH v2 3/4] usb: mtu3: fix list_head check warning
Date: Sat, 18 Dec 2021 17:57:48 +0800 [thread overview]
Message-ID: <20211218095749.6250-3-chunfeng.yun@mediatek.com> (raw)
In-Reply-To: <20211218095749.6250-1-chunfeng.yun@mediatek.com>
This is caused by uninitialization of list_head.
BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4
Call trace:
dump_backtrace+0x0/0x298
show_stack+0x24/0x34
dump_stack+0x130/0x1a8
print_address_description+0x88/0x56c
__kasan_report+0x1b8/0x2a0
kasan_report+0x14/0x20
__asan_load8+0x9c/0xa0
__list_del_entry_valid+0x34/0xe4
mtu3_req_complete+0x4c/0x300 [mtu3]
mtu3_gadget_stop+0x168/0x448 [mtu3]
usb_gadget_unregister_driver+0x204/0x3a0
unregister_gadget_item+0x44/0xa4
Fixes: 83374e035b62 ("usb: mtu3: add tracepoints to help debug")
Cc: stable@vger.kernel.org
Reported-by: Yuwen Ng <yuwen.ng@mediatek.com>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
---
v2: add Fixes and Cc suggested by Greg
---
drivers/usb/mtu3/mtu3_gadget.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c
index c51be015345b..b6c8a4a99c4d 100644
--- a/drivers/usb/mtu3/mtu3_gadget.c
+++ b/drivers/usb/mtu3/mtu3_gadget.c
@@ -235,6 +235,7 @@ struct usb_request *mtu3_alloc_request(struct usb_ep *ep, gfp_t gfp_flags)
mreq->request.dma = DMA_ADDR_INVALID;
mreq->epnum = mep->epnum;
mreq->mep = mep;
+ INIT_LIST_HEAD(&mreq->list);
trace_mtu3_alloc_request(mreq);
return &mreq->request;
--
2.18.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-12-18 9:58 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-18 9:57 [PATCH v2 1/4] usb: mtu3: fix interval value for intr and isoc Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun
2021-12-18 9:57 ` [PATCH v2 2/4] usb: mtu3: add memory barrier before set GPD's HWO Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun [this message]
2021-12-18 9:57 ` [PATCH v2 3/4] usb: mtu3: fix list_head check warning Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun
2021-12-19 10:14 ` Sergei Shtylyov
2021-12-19 10:14 ` Sergei Shtylyov
2021-12-19 10:14 ` Sergei Shtylyov
2021-12-19 10:40 ` Greg Kroah-Hartman
2021-12-19 10:40 ` Greg Kroah-Hartman
2021-12-19 10:40 ` Greg Kroah-Hartman
2021-12-19 11:00 ` Sergei Shtylyov
2021-12-19 11:00 ` Sergei Shtylyov
2021-12-19 11:00 ` Sergei Shtylyov
2021-12-21 6:16 ` Chunfeng Yun
2021-12-21 6:16 ` Chunfeng Yun
2021-12-21 6:16 ` Chunfeng Yun
2021-12-18 9:57 ` [PATCH v2 4/4] usb: mtu3: set interval of FS intr and isoc endpoint Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun
2021-12-18 9:57 ` Chunfeng Yun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211218095749.6250-3-chunfeng.yun@mediatek.com \
--to=chunfeng.yun@mediatek.com \
--cc=eddie.hung@mediatek.com \
--cc=felipe.balbi@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-usb@vger.kernel.org \
--cc=matthias.bgg@gmail.com \
--cc=stable@vger.kernel.org \
--cc=yuwen.ng@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.