From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, stable <stable@kernel.org>,
Prashanth K <quic_prashk@quicinc.com>,
Alan Stern <stern@rowland.harvard.edu>
Subject: [PATCH 6.1 32/42] usb: gadget: u_serial: Add null pointer check in gserial_resume
Date: Wed, 1 Mar 2023 19:08:53 +0100 [thread overview]
Message-ID: <20230301180658.507070710@linuxfoundation.org> (raw)
In-Reply-To: <20230301180657.003689969@linuxfoundation.org>
From: Prashanth K <quic_prashk@quicinc.com>
commit 5ec63fdbca604568890c577753c6f66c5b3ef0b5 upstream.
Consider a case where gserial_disconnect has already cleared
gser->ioport. And if a wakeup interrupt triggers afterwards,
gserial_resume gets called, which will lead to accessing of
gser->ioport and thus causing null pointer dereference.Add
a null pointer check to prevent this.
Added a static spinlock to prevent gser->ioport from becoming
null after the newly added check.
Fixes: aba3a8d01d62 ("usb: gadget: u_serial: add suspend resume callbacks")
Cc: stable <stable@kernel.org>
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/1676309438-14922-1-git-send-email-quic_prashk@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/u_serial.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -81,6 +81,9 @@
#define WRITE_BUF_SIZE 8192 /* TX only */
#define GS_CONSOLE_BUF_SIZE 8192
+/* Prevents race conditions while accessing gser->ioport */
+static DEFINE_SPINLOCK(serial_port_lock);
+
/* console info */
struct gs_console {
struct console console;
@@ -1374,8 +1377,10 @@ void gserial_disconnect(struct gserial *
if (!port)
return;
+ spin_lock_irqsave(&serial_port_lock, flags);
+
/* tell the TTY glue not to do I/O here any more */
- spin_lock_irqsave(&port->port_lock, flags);
+ spin_lock(&port->port_lock);
gs_console_disconnect(port);
@@ -1390,7 +1395,8 @@ void gserial_disconnect(struct gserial *
tty_hangup(port->port.tty);
}
port->suspended = false;
- spin_unlock_irqrestore(&port->port_lock, flags);
+ spin_unlock(&port->port_lock);
+ spin_unlock_irqrestore(&serial_port_lock, flags);
/* disable endpoints, aborting down any active I/O */
usb_ep_disable(gser->out);
@@ -1424,10 +1430,19 @@ EXPORT_SYMBOL_GPL(gserial_suspend);
void gserial_resume(struct gserial *gser)
{
- struct gs_port *port = gser->ioport;
+ struct gs_port *port;
unsigned long flags;
- spin_lock_irqsave(&port->port_lock, flags);
+ spin_lock_irqsave(&serial_port_lock, flags);
+ port = gser->ioport;
+
+ if (!port) {
+ spin_unlock_irqrestore(&serial_port_lock, flags);
+ return;
+ }
+
+ spin_lock(&port->port_lock);
+ spin_unlock(&serial_port_lock);
port->suspended = false;
if (!port->start_delayed) {
spin_unlock_irqrestore(&port->port_lock, flags);
next prev parent reply other threads:[~2023-03-01 18:13 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-01 18:08 [PATCH 6.1 00/42] 6.1.15-rc1 review Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 01/42] Fix XFRM-I support for nested ESP tunnels Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 02/42] arm64: dts: rockchip: reduce thermal limits on rk3399-pinephone-pro Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 03/42] arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 04/42] ARM: dts: rockchip: add power-domains property to dp node on rk3288 Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 05/42] arm64: dts: rockchip: add missing #interrupt-cells to rk356x pcie2x1 Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 06/42] arm64: dts: rockchip: fix probe of analog sound card on rock-3a Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 07/42] HID: elecom: add support for TrackBall 056E:011C Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 08/42] HID: Ignore battery for Elan touchscreen on Asus TP420IA Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 09/42] ACPI: NFIT: fix a potential deadlock during NFIT teardown Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 10/42] pinctrl: amd: Fix debug output for debounce time Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 11/42] btrfs: send: limit number of clones and allocated memory size Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 12/42] arm64: dts: rockchip: align rk3399 DMC OPP table with bindings Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 13/42] ASoC: rt715-sdca: fix clock stop prepare timeout issue Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 14/42] IB/hfi1: Assign npages earlier Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 15/42] powerpc: Dont select ARCH_WANTS_NO_INSTR Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 16/42] ASoC: SOF: amd: Fix for handling spurious interrupts from DSP Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 17/42] ARM: dts: stihxxx-b2120: fix polarity of reset line of tsin0 port Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 18/42] neigh: make sure used and confirmed times are valid Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 19/42] HID: core: Fix deadloop in hid_apply_multiplier Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 20/42] ASoC: codecs: es8326: Fix DTS properties reading Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 21/42] HID: Ignore battery for ELAN touchscreen 29DF on HP Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 22/42] selftests: ocelot: tc_flower_chains: make test_vlan_ingress_modify() more comprehensive Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 23/42] x86/cpu: Add Lunar Lake M Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 24/42] PM: sleep: Avoid using pr_cont() in the tasks freezing code Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 25/42] bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 26/42] net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues() Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 27/42] vc_screen: dont clobber return value in vcs_read Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 28/42] drm/amd/display: Move DCN314 DOMAIN power control to DMCUB Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 29/42] drm/amd/display: Fix race condition in DPIA AUX transfer Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 30/42] usb: dwc3: pci: add support for the Intel Meteor Lake-M Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 31/42] USB: serial: option: add support for VW/Skoda "Carstick LTE" Greg Kroah-Hartman
2023-03-01 18:08 ` Greg Kroah-Hartman [this message]
2023-03-01 18:08 ` [PATCH 6.1 33/42] arm64: dts: uniphier: Fix property name in PXs3 USB node Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 34/42] usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 35/42] drm/amd/display: Properly reuse completion structure Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 36/42] attr: add in_group_or_capable() Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 37/42] fs: move should_remove_suid() Greg Kroah-Hartman
2023-03-01 18:08 ` [PATCH 6.1 38/42] attr: add setattr_should_drop_sgid() Greg Kroah-Hartman
2023-03-01 18:09 ` [PATCH 6.1 39/42] attr: use consistent sgid stripping checks Greg Kroah-Hartman
2023-03-01 18:09 ` [PATCH 6.1 40/42] fs: use consistent setgid checks in is_sxid() Greg Kroah-Hartman
2023-03-01 18:09 ` [PATCH 6.1 41/42] scripts/tags.sh: fix incompatibility with PCRE2 Greg Kroah-Hartman
2023-03-01 18:09 ` [PATCH 6.1 42/42] USB: core: Dont hold device lock while reading the "descriptors" sysfs file Greg Kroah-Hartman
2023-03-01 20:33 ` [PATCH 6.1 00/42] 6.1.15-rc1 review Conor Dooley
2023-03-01 22:16 ` Florian Fainelli
2023-03-01 23:43 ` Justin Forbes
2023-03-02 1:44 ` Shuah Khan
2023-03-02 4:27 ` Bagas Sanjaya
2023-03-02 7:27 ` Jon Hunter
2023-03-02 10:19 ` Naresh Kamboju
2023-03-02 10:29 ` Greg Kroah-Hartman
2023-03-02 11:00 ` Naresh Kamboju
2023-03-02 20:02 ` Naresh Kamboju
2023-03-03 7:01 ` Greg Kroah-Hartman
2023-03-03 9:00 ` Naresh Kamboju
2023-03-03 8:04 ` Paolo Abeni
2023-03-03 9:04 ` Naresh Kamboju
2023-03-03 9:23 ` Greg Kroah-Hartman
2023-03-03 9:47 ` Matthieu Baerts
2023-03-03 10:26 ` Greg Kroah-Hartman
2023-03-03 10:56 ` Matthieu Baerts
2023-03-03 11:31 ` Greg Kroah-Hartman
2023-03-03 11:39 ` Paolo Abeni
2023-03-03 11:44 ` Greg Kroah-Hartman
2023-03-03 12:41 ` Paolo Abeni
2023-03-03 13:35 ` Greg Kroah-Hartman
2023-03-02 11:37 ` Sudip Mukherjee (Codethink)
2023-03-02 23:16 ` Slade Watkins
2023-03-02 23:25 ` Rudi Heitbaum
2023-03-03 1:31 ` Guenter Roeck
2023-03-03 2:55 ` Ron Economos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230301180658.507070710@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=patches@lists.linux.dev \
--cc=quic_prashk@quicinc.com \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox