Subject: Re: [PATCH] usb: gadget: provide interface for legacy gadgets to get UDC name
From: Marek Szyprowski
To: Vegard Nossum, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ruslan Bilovol, Bartlomiej Zolnierkiewicz, Maxime Ripard, Greg Kroah-Hartman, Peter Chen, Felipe Balbi
Date: Mon, 08 Feb 2016 13:29:25 +0100
Message-id: <56B88A25.9010008@samsung.com>
In-reply-to: <56B87C8A.6090609@oracle.com>

Hello,

On 2016-02-08 12:31, Vegard Nossum wrote:
> On 02/08/2016 12:12 PM, Marek Szyprowski wrote:
>> Since commit 855ed04a3758b205e84b269f92d26ab36ed8e2f7 ("usb: gadget:
>> udc-core: independent registration of gadgets and gadget drivers") gadget
>> drivers can not assume that UDC drivers are already available on their
>> initialization. This broke the HACK, which was used in gadgetfs driver,
>> to get UDC controller name. This patch removes this hack and replaces it
>> by additional function in the UDC core (which is useful only for legacy
>> drivers, please don't use it in the new code).
>>
>> Signed-off-by: Marek Szyprowski
>> ---
>> Vegard: Could you check if this patch fixes your issue with gadgetfs and NULL
>> pointer dereference?
>>
>> Best regards,
>> Marek Szyprowski
>> ---
>
> [snip patch]
>
> Thanks for the patch, I gave it a try.
>
> Firstly, it changes /dev/gadget/dummy_udc into /dev/gadget/dummy_udc.0
> so it may break some userspace expectations (I don't really know).

Right, thanks for pointing out this issue.

>
> Secondly, I still get this crash which looks a lot like what I
> originally reported:
>
> kasan: GPF could be caused by NULL-ptr deref or user memory
> accessgeneral protection fault: 0000 [#1] DEBUG_PAGEALLOC KASAN
> CPU: 0 PID: 35 Comm: afl-fuzz Not tainted 4.5.0-rc2 #1
> task: ffff8800003b6900 ti: ffff88000c840000 task.ti: ffff88000c840000
> RIP: 0010:[] []
> __list_del_entry+0x86/0x1d0
> RSP: 0018:ffff88000c847da8 EFLAGS: 00010246
> RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81a13f08
> RDX: 0000000000000000 RSI: 0000000000000061 RDI: ffffffff81a13f10
> RBP: ffff88000c847dc0 R08: 0000000000000246 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> R13: dffffc0000000000 R14: ffffffff81a13e40 R15: ffff88000c83c500
> FS: 00007ffff7ff2740(0000) GS:ffffffff8193f000(0000)
> knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007ffff78c53a0 CR3: 000000000c850000 CR4: 00000000001406b0
> Stack:
> ffffffff81a13e40 ffffffff81a13f08 ffffffff81a118e0 ffff88000c847dd8
> ffffffff8138868d ffffffff81a11638 ffff88000c847e10 ffffffff81523a5d
> ffffffff817f62a0 ffff880000277a40 ffff88000c83c510 ffff88000c83c520
> Call Trace:
> [] list_del+0xd/0x70
> [] usb_gadget_unregister_driver+0x11d/0x240
> [] dev_release+0x44/0x110
> [] __fput+0x11b/0x490
> [] ____fput+0x9/0x10
> [] task_work_run+0xf1/0x190
> [] ? filp_close+0x8a/0xe0
> [] exit_to_usermode_loop+0xec/0x100
> [] syscall_return_slowpath+0x91/0xc0
> [] int_ret_from_sys_call+0x25/0x8f
> Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f
> 84 a5 00 00 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80>
> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 4c 39 c1 0f 85 9b 00 00
> RIP [] __list_del_entry+0x86/0x1d0
> RSP
> ---[ end trace 9a6416535ca1ec01 ]---
>
> I am more than happy to try other patches :-) Thanks,

Okay, now I managed to reproduce it and I've sent a fix for gadgetfs driver
a few minutes ago. When both patches are applied, no more issue should be
observed.

Best regards
-- 
Marek Szyprowski, PhD
Samsung R&D Institute Poland