* [RFC PATCH 0/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null @ 2013-03-08 12:53 oskar.andero 2013-03-08 12:53 ` [RFC PATCH 1/1] " oskar.andero 0 siblings, 1 reply; 6+ messages in thread From: oskar.andero @ 2013-03-08 12:53 UTC (permalink / raw) To: linux-kernel, linux-usb Cc: Greg Kroah-Hartman, Felipe Balbi, Truls Bengtsson, Radovan Lekanovic, Oskar Andero Hi, When going through our patches to be mainlined I stumbled on this one which we have fixed in many different ways internally. The problem is a NULL pointer dereference that can be triggered by disconnecting the USB cable at a specific time. Before submitting the final patch I would like to hear which solution you'd prefer. As I see it there are four different ways to fix the problem: 1) Remove the ERROR() call completely. 2) Add an if-statement on cdev in rndis_response_complete() and use pr_err() or ERROR(). 3) Globally update the ERROR() macro to handle the case where cdev is null. 4) Use the attached patch (RFC PATCH 1/1) where ERROR() is simply replaced with pr_err(). Thanks! -Oskar Truls Bengtsson (1): usb: f_rndis: Avoid to use ERROR macro if cdev can be null drivers/usb/gadget/f_rndis.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) -- 1.7.8.6 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null 2013-03-08 12:53 [RFC PATCH 0/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null oskar.andero @ 2013-03-08 12:53 ` oskar.andero 2013-03-08 19:56 ` Sergei Shtylyov 0 siblings, 1 reply; 6+ messages in thread From: oskar.andero @ 2013-03-08 12:53 UTC (permalink / raw) To: linux-kernel, linux-usb Cc: Greg Kroah-Hartman, Felipe Balbi, Truls Bengtsson, Radovan Lekanovic, Oskar Andero From: Truls Bengtsson <truls.bengtsson@sonymobile.com> The udc_irq service runs the isr_tr_complete_handler which in turn "nukes" the endpoints, including a call to rndis_response_complete, if appropriate. If the rndis_msg_parser fails here, an error will be printed using a dev_err call (through the ERROR() macro). However, if the usb cable was just disconnected the device (cdev) might not be available and will be null. Since the dev_err macro will dereference the cdev pointer we get a null pointer exception. Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com> Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com> Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com> --- drivers/usb/gadget/f_rndis.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c index 71beeb8..41b5ebd 100644 --- a/drivers/usb/gadget/f_rndis.c +++ b/drivers/usb/gadget/f_rndis.c @@ -6,6 +6,7 @@ * Copyright (C) 2008 Nokia Corporation * Copyright (C) 2009 Samsung Electronics * Author: Michal Nazarewicz (mina86@mina86.com) + * Copyright (C) 2013 Sony Mobile Communications AB. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -447,14 +448,13 @@ static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req) static void rndis_command_complete(struct usb_ep *ep, struct usb_request *req) { struct f_rndis *rndis = req->context; - struct usb_composite_dev *cdev = rndis->port.func.config->cdev; int status; /* received RNDIS command from USB_CDC_SEND_ENCAPSULATED_COMMAND */ // spin_lock(&dev->lock); status = rndis_msg_parser(rndis->config, (u8 *) req->buf); if (status < 0) - ERROR(cdev, "RNDIS command error %d, %d/%d\n", + pr_err("RNDIS command error %d, %d/%d\n", status, req->actual, req->length); // spin_unlock(&dev->lock); } -- 1.7.8.6 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null 2013-03-08 12:53 ` [RFC PATCH 1/1] " oskar.andero @ 2013-03-08 19:56 ` Sergei Shtylyov 2013-03-08 20:16 ` Greg Kroah-Hartman 0 siblings, 1 reply; 6+ messages in thread From: Sergei Shtylyov @ 2013-03-08 19:56 UTC (permalink / raw) To: oskar.andero Cc: linux-kernel, linux-usb, Greg Kroah-Hartman, Felipe Balbi, Truls Bengtsson, Radovan Lekanovic Hello. On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote: > From: Truls Bengtsson <truls.bengtsson@sonymobile.com> > The udc_irq service runs the isr_tr_complete_handler which in turn > "nukes" the endpoints, including a call to rndis_response_complete, > if appropriate. If the rndis_msg_parser fails here, an error will > be printed using a dev_err call (through the ERROR() macro). > However, if the usb cable was just disconnected the device (cdev) > might not be available and will be null. Since the dev_err macro will > dereference the cdev pointer we get a null pointer exception. > Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com> > Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com> > Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com> > --- > drivers/usb/gadget/f_rndis.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c > index 71beeb8..41b5ebd 100644 > --- a/drivers/usb/gadget/f_rndis.c > +++ b/drivers/usb/gadget/f_rndis.c > @@ -6,6 +6,7 @@ > * Copyright (C) 2008 Nokia Corporation > * Copyright (C) 2009 Samsung Electronics > * Author: Michal Nazarewicz (mina86@mina86.com) > + * Copyright (C) 2013 Sony Mobile Communications AB. Your change seems too insignificant to add a copyright. WBR, Sergei ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null 2013-03-08 19:56 ` Sergei Shtylyov @ 2013-03-08 20:16 ` Greg Kroah-Hartman 2013-03-18 8:28 ` oskar.andero 0 siblings, 1 reply; 6+ messages in thread From: Greg Kroah-Hartman @ 2013-03-08 20:16 UTC (permalink / raw) To: Sergei Shtylyov, oskar.andero, linux-kernel, linux-usb, Felipe Balbi, Truls Bengtsson, Radovan Lekanovic On Fri, Mar 08, 2013 at 11:56:26PM +0400, Sergei Shtylyov wrote: > Hello. > > On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote: > > >From: Truls Bengtsson <truls.bengtsson@sonymobile.com> > > >The udc_irq service runs the isr_tr_complete_handler which in turn > >"nukes" the endpoints, including a call to rndis_response_complete, > >if appropriate. If the rndis_msg_parser fails here, an error will > >be printed using a dev_err call (through the ERROR() macro). > > >However, if the usb cable was just disconnected the device (cdev) > >might not be available and will be null. Since the dev_err macro will > >dereference the cdev pointer we get a null pointer exception. > > >Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com> > >Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com> > >Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com> > >--- > > drivers/usb/gadget/f_rndis.c | 4 ++-- > > 1 files changed, 2 insertions(+), 2 deletions(-) > > >diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c > >index 71beeb8..41b5ebd 100644 > >--- a/drivers/usb/gadget/f_rndis.c > >+++ b/drivers/usb/gadget/f_rndis.c > >@@ -6,6 +6,7 @@ > > * Copyright (C) 2008 Nokia Corporation > > * Copyright (C) 2009 Samsung Electronics > > * Author: Michal Nazarewicz (mina86@mina86.com) > >+ * Copyright (C) 2013 Sony Mobile Communications AB. > > Your change seems too insignificant to add a copyright. You are right, it legally is. Truls, please consult your company's lawyers if you have questions about this, you can not assert copyright over a file for a 2 line change, that's not allowed at all in any jurisdiction I know of. Because of that, I can not accept this change, sorry. greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null 2013-03-08 20:16 ` Greg Kroah-Hartman @ 2013-03-18 8:28 ` oskar.andero 2013-03-18 15:18 ` Greg Kroah-Hartman 0 siblings, 1 reply; 6+ messages in thread From: oskar.andero @ 2013-03-18 8:28 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: Sergei Shtylyov, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, Felipe Balbi, Bengtsson, Truls, Lekanovic, Radovan On 21:16 Fri 08 Mar , Greg Kroah-Hartman wrote: > On Fri, Mar 08, 2013 at 11:56:26PM +0400, Sergei Shtylyov wrote: > > Hello. > > > > On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote: > > > > >From: Truls Bengtsson <truls.bengtsson@sonymobile.com> > > > > >The udc_irq service runs the isr_tr_complete_handler which in turn > > >"nukes" the endpoints, including a call to rndis_response_complete, > > >if appropriate. If the rndis_msg_parser fails here, an error will > > >be printed using a dev_err call (through the ERROR() macro). > > > > >However, if the usb cable was just disconnected the device (cdev) > > >might not be available and will be null. Since the dev_err macro will > > >dereference the cdev pointer we get a null pointer exception. > > > > >Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com> > > >Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com> > > >Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com> > > >--- > > > drivers/usb/gadget/f_rndis.c | 4 ++-- > > > 1 files changed, 2 insertions(+), 2 deletions(-) > > > > >diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c > > >index 71beeb8..41b5ebd 100644 > > >--- a/drivers/usb/gadget/f_rndis.c > > >+++ b/drivers/usb/gadget/f_rndis.c > > >@@ -6,6 +6,7 @@ > > > * Copyright (C) 2008 Nokia Corporation > > > * Copyright (C) 2009 Samsung Electronics > > > * Author: Michal Nazarewicz (mina86@mina86.com) > > >+ * Copyright (C) 2013 Sony Mobile Communications AB. > > > > Your change seems too insignificant to add a copyright. > > You are right, it legally is. Truls, please consult your company's > lawyers if you have questions about this, you can not assert copyright > over a file for a 2 line change, that's not allowed at all in any > jurisdiction I know of. > > Because of that, I can not accept this change, sorry. Thanks for your input guys and I totally agree with you! However, I was expecting more comments on the cover-letter, or should I take it that this solution is acceptable? -Oskar ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH 1/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null 2013-03-18 8:28 ` oskar.andero @ 2013-03-18 15:18 ` Greg Kroah-Hartman 0 siblings, 0 replies; 6+ messages in thread From: Greg Kroah-Hartman @ 2013-03-18 15:18 UTC (permalink / raw) To: oskar.andero Cc: Sergei Shtylyov, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, Felipe Balbi, Bengtsson, Truls, Lekanovic, Radovan On Mon, Mar 18, 2013 at 09:28:07AM +0100, oskar.andero@sonymobile.com wrote: > On 21:16 Fri 08 Mar , Greg Kroah-Hartman wrote: > > On Fri, Mar 08, 2013 at 11:56:26PM +0400, Sergei Shtylyov wrote: > > > Hello. > > > > > > On 08-03-2013 16:53, oskar.andero@sonymobile.com wrote: > > > > > > >From: Truls Bengtsson <truls.bengtsson@sonymobile.com> > > > > > > >The udc_irq service runs the isr_tr_complete_handler which in turn > > > >"nukes" the endpoints, including a call to rndis_response_complete, > > > >if appropriate. If the rndis_msg_parser fails here, an error will > > > >be printed using a dev_err call (through the ERROR() macro). > > > > > > >However, if the usb cable was just disconnected the device (cdev) > > > >might not be available and will be null. Since the dev_err macro will > > > >dereference the cdev pointer we get a null pointer exception. > > > > > > >Reviewed-by: Radovan Lekanovic <radovan.lekanovic@sonymobile.com> > > > >Signed-off-by: Truls Bengtsson <truls.bengtsson@sonymobile.com> > > > >Signed-off-by: Oskar Andero <oskar.andero@sonymobile.com> > > > >--- > > > > drivers/usb/gadget/f_rndis.c | 4 ++-- > > > > 1 files changed, 2 insertions(+), 2 deletions(-) > > > > > > >diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c > > > >index 71beeb8..41b5ebd 100644 > > > >--- a/drivers/usb/gadget/f_rndis.c > > > >+++ b/drivers/usb/gadget/f_rndis.c > > > >@@ -6,6 +6,7 @@ > > > > * Copyright (C) 2008 Nokia Corporation > > > > * Copyright (C) 2009 Samsung Electronics > > > > * Author: Michal Nazarewicz (mina86@mina86.com) > > > >+ * Copyright (C) 2013 Sony Mobile Communications AB. > > > > > > Your change seems too insignificant to add a copyright. > > > > You are right, it legally is. Truls, please consult your company's > > lawyers if you have questions about this, you can not assert copyright > > over a file for a 2 line change, that's not allowed at all in any > > jurisdiction I know of. > > > > Because of that, I can not accept this change, sorry. > > Thanks for your input guys and I totally agree with you! However, I was > expecting more comments on the cover-letter, or should I take it that this > solution is acceptable? I don't remember, please resend the series after fixing the issues pointed out. greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-03-18 15:17 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-03-08 12:53 [RFC PATCH 0/1] usb: f_rndis: Avoid to use ERROR macro if cdev can be null oskar.andero 2013-03-08 12:53 ` [RFC PATCH 1/1] " oskar.andero 2013-03-08 19:56 ` Sergei Shtylyov 2013-03-08 20:16 ` Greg Kroah-Hartman 2013-03-18 8:28 ` oskar.andero 2013-03-18 15:18 ` Greg Kroah-Hartman
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.