From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 5.10 23/26] xhci: fix even more unsafe memory usage in xhci tracing
Date: Fri, 10 Sep 2021 14:30:27 +0200 [thread overview]
Message-ID: <20210910122916.997552123@linuxfoundation.org> (raw)
In-Reply-To: <20210910122916.253646001@linuxfoundation.org>
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 4843b4b5ec64b875a5e334f280508f1f75e7d3e4 upstream.
Removes static char buffer usage in the following decode functions:
xhci_decode_ctrl_ctx()
xhci_decode_slot_context()
xhci_decode_usbsts()
xhci_decode_doorbell()
xhci_decode_ep_context()
Caller must provide a buffer to use.
In tracing use __get_str() as recommended to pass buffer.
Minor changes are needed in other xhci code as these functions are also
used elsewhere
Cc: <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210820123503.2605901-3-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-debugfs.c | 8 ++++++--
drivers/usb/host/xhci-ring.c | 3 ++-
drivers/usb/host/xhci-trace.h | 18 +++++++++++-------
drivers/usb/host/xhci.h | 21 ++++++++-------------
4 files changed, 27 insertions(+), 23 deletions(-)
--- a/drivers/usb/host/xhci-debugfs.c
+++ b/drivers/usb/host/xhci-debugfs.c
@@ -260,11 +260,13 @@ static int xhci_slot_context_show(struct
struct xhci_slot_ctx *slot_ctx;
struct xhci_slot_priv *priv = s->private;
struct xhci_virt_device *dev = priv->dev;
+ char str[XHCI_MSG_MAX];
xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus));
slot_ctx = xhci_get_slot_ctx(xhci, dev->out_ctx);
seq_printf(s, "%pad: %s\n", &dev->out_ctx->dma,
- xhci_decode_slot_context(le32_to_cpu(slot_ctx->dev_info),
+ xhci_decode_slot_context(str,
+ le32_to_cpu(slot_ctx->dev_info),
le32_to_cpu(slot_ctx->dev_info2),
le32_to_cpu(slot_ctx->tt_info),
le32_to_cpu(slot_ctx->dev_state)));
@@ -280,6 +282,7 @@ static int xhci_endpoint_context_show(st
struct xhci_ep_ctx *ep_ctx;
struct xhci_slot_priv *priv = s->private;
struct xhci_virt_device *dev = priv->dev;
+ char str[XHCI_MSG_MAX];
xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus));
@@ -287,7 +290,8 @@ static int xhci_endpoint_context_show(st
ep_ctx = xhci_get_ep_ctx(xhci, dev->out_ctx, ep_index);
dma = dev->out_ctx->dma + (ep_index + 1) * CTX_SIZE(xhci->hcc_params);
seq_printf(s, "%pad: %s\n", &dma,
- xhci_decode_ep_context(le32_to_cpu(ep_ctx->ep_info),
+ xhci_decode_ep_context(str,
+ le32_to_cpu(ep_ctx->ep_info),
le32_to_cpu(ep_ctx->ep_info2),
le64_to_cpu(ep_ctx->deq),
le32_to_cpu(ep_ctx->tx_info)));
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1005,6 +1005,7 @@ void xhci_stop_endpoint_command_watchdog
struct xhci_hcd *xhci = ep->xhci;
unsigned long flags;
u32 usbsts;
+ char str[XHCI_MSG_MAX];
spin_lock_irqsave(&xhci->lock, flags);
@@ -1018,7 +1019,7 @@ void xhci_stop_endpoint_command_watchdog
usbsts = readl(&xhci->op_regs->status);
xhci_warn(xhci, "xHCI host not responding to stop endpoint command.\n");
- xhci_warn(xhci, "USBSTS:%s\n", xhci_decode_usbsts(usbsts));
+ xhci_warn(xhci, "USBSTS:%s\n", xhci_decode_usbsts(str, usbsts));
ep->ep_state &= ~EP_STOP_CMD_PENDING;
--- a/drivers/usb/host/xhci-trace.h
+++ b/drivers/usb/host/xhci-trace.h
@@ -323,6 +323,7 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx,
__field(u32, info2)
__field(u64, deq)
__field(u32, tx_info)
+ __dynamic_array(char, str, XHCI_MSG_MAX)
),
TP_fast_assign(
__entry->info = le32_to_cpu(ctx->ep_info);
@@ -330,8 +331,8 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx,
__entry->deq = le64_to_cpu(ctx->deq);
__entry->tx_info = le32_to_cpu(ctx->tx_info);
),
- TP_printk("%s", xhci_decode_ep_context(__entry->info,
- __entry->info2, __entry->deq, __entry->tx_info)
+ TP_printk("%s", xhci_decode_ep_context(__get_str(str),
+ __entry->info, __entry->info2, __entry->deq, __entry->tx_info)
)
);
@@ -368,6 +369,7 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx,
__field(u32, info2)
__field(u32, tt_info)
__field(u32, state)
+ __dynamic_array(char, str, XHCI_MSG_MAX)
),
TP_fast_assign(
__entry->info = le32_to_cpu(ctx->dev_info);
@@ -375,9 +377,9 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx,
__entry->tt_info = le64_to_cpu(ctx->tt_info);
__entry->state = le32_to_cpu(ctx->dev_state);
),
- TP_printk("%s", xhci_decode_slot_context(__entry->info,
- __entry->info2, __entry->tt_info,
- __entry->state)
+ TP_printk("%s", xhci_decode_slot_context(__get_str(str),
+ __entry->info, __entry->info2,
+ __entry->tt_info, __entry->state)
)
);
@@ -432,12 +434,13 @@ DECLARE_EVENT_CLASS(xhci_log_ctrl_ctx,
TP_STRUCT__entry(
__field(u32, drop)
__field(u32, add)
+ __dynamic_array(char, str, XHCI_MSG_MAX)
),
TP_fast_assign(
__entry->drop = le32_to_cpu(ctrl_ctx->drop_flags);
__entry->add = le32_to_cpu(ctrl_ctx->add_flags);
),
- TP_printk("%s", xhci_decode_ctrl_ctx(__entry->drop, __entry->add)
+ TP_printk("%s", xhci_decode_ctrl_ctx(__get_str(str), __entry->drop, __entry->add)
)
);
@@ -555,13 +558,14 @@ DECLARE_EVENT_CLASS(xhci_log_doorbell,
TP_STRUCT__entry(
__field(u32, slot)
__field(u32, doorbell)
+ __dynamic_array(char, str, XHCI_MSG_MAX)
),
TP_fast_assign(
__entry->slot = slot;
__entry->doorbell = doorbell;
),
TP_printk("Ring doorbell for %s",
- xhci_decode_doorbell(__entry->slot, __entry->doorbell)
+ xhci_decode_doorbell(__get_str(str), __entry->slot, __entry->doorbell)
)
);
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -2443,10 +2443,9 @@ static inline const char *xhci_decode_tr
return str;
}
-static inline const char *xhci_decode_ctrl_ctx(unsigned long drop,
- unsigned long add)
+static inline const char *xhci_decode_ctrl_ctx(char *str,
+ unsigned long drop, unsigned long add)
{
- static char str[1024];
unsigned int bit;
int ret = 0;
@@ -2472,10 +2471,9 @@ static inline const char *xhci_decode_ct
return str;
}
-static inline const char *xhci_decode_slot_context(u32 info, u32 info2,
- u32 tt_info, u32 state)
+static inline const char *xhci_decode_slot_context(char *str,
+ u32 info, u32 info2, u32 tt_info, u32 state)
{
- static char str[1024];
u32 speed;
u32 hub;
u32 mtt;
@@ -2605,9 +2603,8 @@ static inline const char *xhci_decode_po
return str;
}
-static inline const char *xhci_decode_usbsts(u32 usbsts)
+static inline const char *xhci_decode_usbsts(char *str, u32 usbsts)
{
- static char str[256];
int ret = 0;
if (usbsts == ~(u32)0)
@@ -2634,9 +2631,8 @@ static inline const char *xhci_decode_us
return str;
}
-static inline const char *xhci_decode_doorbell(u32 slot, u32 doorbell)
+static inline const char *xhci_decode_doorbell(char *str, u32 slot, u32 doorbell)
{
- static char str[256];
u8 ep;
u16 stream;
int ret;
@@ -2703,10 +2699,9 @@ static inline const char *xhci_ep_type_s
}
}
-static inline const char *xhci_decode_ep_context(u32 info, u32 info2, u64 deq,
- u32 tx_info)
+static inline const char *xhci_decode_ep_context(char *str, u32 info,
+ u32 info2, u64 deq, u32 tx_info)
{
- static char str[1024];
int ret;
u32 esit;
next prev parent reply other threads:[~2021-09-10 12:34 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-10 12:30 [PATCH 5.10 00/26] 5.10.64-rc1 review Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 01/26] igmp: Add ip_mc_list lock in ip_check_mc_rcu Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 02/26] USB: serial: mos7720: improve OOM-handling in read_mos_reg() Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 03/26] net: ll_temac: Remove left-over debug message Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 04/26] mm/page_alloc: speed up the iteration of max_order Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 05/26] net: kcov: dont select SKB_EXTENSIONS when there is no NET Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 06/26] serial: 8250: 8250_omap: Fix unused variable warning Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 07/26] net: linux/skbuff.h: combine SKB_EXTENSIONS + KCOV handling Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 08/26] tty: drop termiox user definitions Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 09/26] Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM" Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 10/26] x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC power-gating Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 11/26] blk-mq: fix kernel panic during iterating over flush request Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 12/26] blk-mq: fix is_flush_rq Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 13/26] netfilter: nftables: avoid potential overflows on 32bit arches Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 14/26] netfilter: nf_tables: initialize set before expression setup Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 15/26] netfilter: nftables: clone set element expression template Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 16/26] blk-mq: clearing flush request reference in tags->rqs[] Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 17/26] ALSA: usb-audio: Add registration quirk for JBL Quantum 800 Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 18/26] usb: host: xhci-rcar: Dont reload firmware after the completion Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 19/26] usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc or intr Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 20/26] usb: mtu3: restore HS function when set SS/SSP Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 21/26] usb: mtu3: use @mult for HS isoc or intr Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 22/26] usb: mtu3: fix the wrong HS mult value Greg Kroah-Hartman
2021-09-10 12:30 ` Greg Kroah-Hartman [this message]
2021-09-10 12:30 ` [PATCH 5.10 24/26] xhci: fix unsafe memory usage in xhci tracing Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 25/26] x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.10 26/26] PCI: Call Max Payload Size-related fixup quirks early Greg Kroah-Hartman
2021-09-10 19:02 ` [PATCH 5.10 00/26] 5.10.64-rc1 review Florian Fainelli
2021-09-10 19:52 ` Pavel Machek
2021-09-10 22:51 ` Fox Chen
2021-09-10 23:17 ` Shuah Khan
2021-09-11 6:14 ` Samuel Zou
2021-09-11 15:56 ` Sudip Mukherjee
2021-09-11 19:37 ` Guenter Roeck
2021-09-12 0:49 ` Daniel Díaz
2021-09-12 12:18 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210910122916.997552123@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathias.nyman@linux.intel.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).