From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:51430 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751706AbcDQLMY (ORCPT ); Sun, 17 Apr 2016 07:12:24 -0400 Subject: Patch "usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler()" has been added to the 4.4-stable tree To: yoshihiro.shimoda.uh@renesas.com, felipe.balbi@linux.intel.com, gregkh@linuxfoundation.org Cc: , From: Date: Sun, 17 Apr 2016 03:32:47 -0700 Message-ID: <1460889167135203@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: usb-renesas_usbhs-avoid-null-pointer-derefernce-in-usbhsf_pkt_handler.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 894f2fc44f2f3f48c36c973b1123f6ab298be160 Mon Sep 17 00:00:00 2001 From: Yoshihiro Shimoda Date: Thu, 10 Mar 2016 11:30:14 +0900 Subject: usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler() From: Yoshihiro Shimoda commit 894f2fc44f2f3f48c36c973b1123f6ab298be160 upstream. When unexpected situation happened (e.g. tx/rx irq happened while DMAC is used), the usbhsf_pkt_handler() was possible to cause NULL pointer dereference like the followings: Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = c0004000 [00000000] *pgd=00000000 Internal error: Oops: 80000007 [#1] SMP ARM Modules linked in: usb_f_acm u_serial g_serial libcomposite CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc6-00842-gac57066-dirty #63 Hardware name: Generic R8A7790 (Flattened Device Tree) task: c0729c00 ti: c0724000 task.ti: c0724000 PC is at 0x0 LR is at usbhsf_pkt_handler+0xac/0x118 pc : [<00000000>] lr : [] psr: 60000193 sp : c0725db8 ip : 00000000 fp : c0725df4 r10: 00000001 r9 : 00000193 r8 : ef3ccab4 r7 : ef3cca10 r6 : eea4586c r5 : 00000000 r4 : ef19ceb4 r3 : 00000000 r2 : 0000009c r1 : c0725dc4 r0 : ef19ceb4 This patch adds a condition to avoid the dereference. Fixes: e73a989 ("usb: renesas_usbhs: add DMAEngine support") Signed-off-by: Yoshihiro Shimoda Signed-off-by: Felipe Balbi Signed-off-by: Greg Kroah-Hartman --- drivers/usb/renesas_usbhs/fifo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/usb/renesas_usbhs/fifo.c +++ b/drivers/usb/renesas_usbhs/fifo.c @@ -190,7 +190,8 @@ static int usbhsf_pkt_handler(struct usb goto __usbhs_pkt_handler_end; } - ret = func(pkt, &is_done); + if (likely(func)) + ret = func(pkt, &is_done); if (is_done) __usbhsf_pkt_del(pkt); Patches currently in stable-queue which might be from yoshihiro.shimoda.uh@renesas.com are queue-4.4/usb-renesas_usbhs-fix-to-avoid-using-a-disabled-ep-in-usbhsg_queue_done.patch queue-4.4/usb-renesas_usbhs-avoid-null-pointer-derefernce-in-usbhsf_pkt_handler.patch queue-4.4/usb-renesas_usbhs-disable-tx-irq-before-starting-tx-dmac-transfer.patch