From: Greg KH <gregkh@linuxfoundation.org>
To: Jiri Slaby <jirislaby@kernel.org>
Cc: Kuen-Han Tsai <khtsai@google.com>,
	quic_prashk@quicinc.com, stern@rowland.harvard.edu,
	linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Subject: Re: [PATCH] usb: gadget: u_serial: Add null pointer checks after RX/TX submission
Date: Sat, 27 Jan 2024 17:29:43 -0800
Message-ID: <2024012724-chirpy-google-51bb@gregkh>
In-Reply-To: <02bec7b8-7754-4b9d-84ae-51621d6aa7ec@kernel.org>

On Thu, Jan 18, 2024 at 10:27:54AM +0100, Jiri Slaby wrote:
> On 16. 01. 24, 15:16, Kuen-Han Tsai wrote:
> > Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in
> > gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't
> > fully fix the potential null pointer dereference issue. While
> > gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx()
> > and gs_start_tx() release the lock during endpoint request submission.
> > This creates a window where gs_close() could set port->port_tty to NULL,
> > leading to a dereference when the lock is reacquired.
> > 
> > This patch adds a null pointer check for port->port_tty after RX/TX
> > submission, and removes the initial null pointer check in gs_start_io()
> > since the caller must hold port_lock and guarantee non-null values for
> > port_usb and port_tty.
> 
> Or you switch to tty_port refcounting and need not fiddle with this at all
> ;).

I agree, Kuen-Han, why not do that instead?

thanks,

greg k-h
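
The window described in the quoted commit message (lock dropped during request submission, port_tty cleared by a close, pointer used after the lock is retaken), as a single-threaded userspace model. This is an added example, not code from the patch or from u_serial; the struct layout, the boolean standing in for port_lock and every model_* name are assumptions.

```c
/* Userspace model, not kernel code: struct layout, the bool lock and all model_* names are assumptions. */
#include <stdbool.h>
#include <stddef.h>

struct tty { int wakeups; };
struct port { bool locked; struct tty *port_tty; };

/* Stand-in for a concurrent close: it needs the lock, so it only acts in the window. */
static void model_close(struct port *p)
{
    if (!p->locked)
        p->port_tty = NULL;
}

/* Submission drops the lock; 'racer' (may be NULL) runs inside that window. */
static void model_submit(struct port *p, void (*racer)(struct port *))
{
    p->locked = false;
    if (racer)
        racer(p);
    p->locked = true;
}

/* Caller holds the lock with port_tty non-NULL. Returns 0, or -1 if the tty went away. */
static int model_start_io(struct port *p, void (*racer)(struct port *))
{
    model_submit(p, racer);
    if (!p->port_tty)          /* re-check after the lock is reacquired */
        return -1;
    p->port_tty->wakeups++;    /* safe: validated under the lock */
    return 0;
}

/* Runs one constructed scenario and reports how often the tty was touched. */
static int run_scenario(bool close_races, int *wakeups)
{
    struct tty t = { 0 };
    struct port p = { .locked = true, .port_tty = &t };
    int rc = model_start_io(&p, close_races ? model_close : NULL);

    *wakeups = t.wakeups;
    return rc;
}

int main(void)
{
    int w;
    return !(run_scenario(false, &w) == 0 && run_scenario(true, &w) == -1);
}
```

Without the re-check in model_start_io(), the second scenario dereferences a NULL port_tty.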

Thread overview: 8+ messages
2024-01-16 14:16 [PATCH] usb: gadget: u_serial: Add null pointer checks after RX/TX submission Kuen-Han Tsai
2024-01-18  9:27 ` Jiri Slaby
2024-01-28  1:29   ` Greg KH [this message]
2024-01-28 14:00     ` Kuen-Han Tsai
2024-03-08 11:47       ` Kuen-Han Tsai
2024-03-28  7:54         ` Kuen-Han Tsai
2024-03-28  9:02         ` Jiri Slaby
2024-07-15 15:33           ` Kuen-Han Tsai
