From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
    id S1751245AbcBHLbs (ORCPT ); Mon, 8 Feb 2016 06:31:48 -0500
Received: from aserp1040.oracle.com ([141.146.126.69]:51563 "EHLO aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK)
    by vger.kernel.org with ESMTP id S1751016AbcBHLbp (ORCPT ); Mon, 8 Feb 2016 06:31:45 -0500
Subject: Re: [PATCH] usb: gadget: provide interface for legacy gadgets to get UDC name
To: Marek Szyprowski, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
References: <56B7D2C9.5070301@oracle.com> <1454929965-19897-1-git-send-email-m.szyprowski@samsung.com>
Cc: Ruslan Bilovol, Bartlomiej Zolnierkiewicz, Maxime Ripard, Greg Kroah-Hartman, Peter Chen, Felipe Balbi
From: Vegard Nossum
Message-ID: <56B87C8A.6090609@oracle.com>
Date: Mon, 8 Feb 2016 12:31:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <1454929965-19897-1-git-send-email-m.szyprowski@samsung.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Source-IP: userv0022.oracle.com [156.151.31.74]
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 02/08/2016 12:12 PM, Marek Szyprowski wrote:
> Since commit 855ed04a3758b205e84b269f92d26ab36ed8e2f7 ("usb: gadget:
> udc-core: independent registration of gadgets and gadget drivers") gadget
> drivers can not assume that UDC drivers are already available on their
> initialization. This broke the HACK, which was used in gadgetfs driver,
> to get UDC controller name. This patch removes this hack and replaces it
> by additional function in the UDC core (which is useful only for legacy
> drivers, please don't use it in the new code).
>
> Signed-off-by: Marek Szyprowski
> ---
> Vegard: Could you check if this patch fixes your issue with gadgetfs and NULL
> pointer dereference?
>
> Best regards,
> Marek Szyprowski
> ---

[snip patch]

Thanks for the patch, I gave it a try.

Firstly, it changes /dev/gadget/dummy_udc into /dev/gadget/dummy_udc.0
so it may break some userspace expectations (I don't really know).

Secondly, I still get this crash which looks a lot like what I
originally reported:

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] DEBUG_PAGEALLOC KASAN
CPU: 0 PID: 35 Comm: afl-fuzz Not tainted 4.5.0-rc2 #1
task: ffff8800003b6900 ti: ffff88000c840000 task.ti: ffff88000c840000
RIP: 0010:[] [] __list_del_entry+0x86/0x1d0
RSP: 0018:ffff88000c847da8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81a13f08
RDX: 0000000000000000 RSI: 0000000000000061 RDI: ffffffff81a13f10
RBP: ffff88000c847dc0 R08: 0000000000000246 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff81a13e40 R15: ffff88000c83c500
FS: 00007ffff7ff2740(0000) GS:ffffffff8193f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffff78c53a0 CR3: 000000000c850000 CR4: 00000000001406b0
Stack:
 ffffffff81a13e40 ffffffff81a13f08 ffffffff81a118e0 ffff88000c847dd8
 ffffffff8138868d ffffffff81a11638 ffff88000c847e10 ffffffff81523a5d
 ffffffff817f62a0 ffff880000277a40 ffff88000c83c510 ffff88000c83c520
Call Trace:
 [] list_del+0xd/0x70
 [] usb_gadget_unregister_driver+0x11d/0x240
 [] dev_release+0x44/0x110
 [] __fput+0x11b/0x490
 [] ____fput+0x9/0x10
 [] task_work_run+0xf1/0x190
 [] ? filp_close+0x8a/0xe0
 [] exit_to_usermode_loop+0xec/0x100
 [] syscall_return_slowpath+0x91/0xc0
 [] int_ret_from_sys_call+0x25/0x8f
Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 4c 39 c1 0f 85 9b 00 00
RIP [] __list_del_entry+0x86/0x1d0
 RSP
---[ end trace 9a6416535ca1ec01 ]---

I am more than happy to try other patches :-)

Thanks,

Vegard