Trying to read from debugfs after the system has resumed from
hibernate causes a use-after-free and thus a protection fault.
Steps to reproduce:
Hibernate system, resume from hibernate, then run
$ cat /sys/kernel/debug/usb/xhci/*/command-ring/enqueue
[ 3902.765086] general protection fault: 0000 [#1] PREEMPT SMP
...
[ 3902.765136] RIP: 0010:xhci_trb_virt_to_dma.part.50+0x5/0x30
...
[ 3902.765178] Call Trace:
[ 3902.765188] xhci_ring_enqueue_show+0x1e/0x40
[ 3902.765197] seq_read+0xdb/0x3a0
[ 3902.765204] ? __handle_mm_fault+0x5fb/0x1210
[ 3902.765211] full_proxy_read+0x4a/0x70
[ 3902.765219] __vfs_read+0x23/0x120
[ 3902.765228] vfs_read+0x8e/0x130
[ 3902.765235] SyS_read+0x42/0x90
[ 3902.765242] do_syscall_64+0x6b/0x290
[ 3902.765251] entry_SYSCALL64_slow_path+0x25/0x25
The issue is caused by the xhci ring structures being reallocated
when the system is resumed, but pointers to the old structures
being retained in the debugfs files "private" field:
The proposed patch fixes this issue by storing a pointer to the xhci_ring
field in the xhci device structure in debugfs rather than directly
storing a pointer to the xhci_ring.
Fixes: 02b6fdc2a1 ("usb: xhci: Add debugfs interface for xHCI driver")
Signed-off-by: Alexander Kappner <agk@godking.net>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The license text was removed from these files, yet they somehow missed
the big "add SPDX tags to all files" sweep due to them being new. So
add the proper SPDX license tag to them, based on the original license
text in the file.
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Now that the SPDX tag is in all USB files, that identifies the license
in a specific and legally-defined manner. So the extra GPL text wording
can be removed as it is no longer needed at all.
This is done on a quest to remove the 700+ different ways that files in
the kernel describe the GPL license text. And there's unneeded stuff
like the address (sometimes incorrect) for the FSF which is never
needed.
No copyright headers or other non-license-description text was removed.
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: Jonathan Hunter <jonathanh@nvidia.com>
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This adds debugfs consumer for xHCI driver. The debugfs entries
read all host registers, device/endpoint contexts, command ring,
event ring and various endpoint rings. With these entries, users
can check the registers and memory spaces used by a host during
run time, or save all the information with a simple 'cp -r' for
post-mortem programs.
The file hierarchy looks like this.
[root of debugfs]
|__usb
|____[e,u,o]hci <---------[root for other HCIs]
|____xhci <---------------[root for xHCI]
|______0000:00:14.0 <--------------[xHCI host name]
|________reg-cap <--------[capability registers]
|________reg-op <-------[operational registers]
|________reg-runtime <-----------[runtime registers]
|________reg-ext-#cap_name <----[extended capability regs]
|________command-ring <-------[root for command ring]
|__________cycle <------------------[ring cycle]
|__________dequeue <--------[ring dequeue pointer]
|__________enqueue <--------[ring enqueue pointer]
|__________trbs <-------------------[ring trbs]
|________event-ring <---------[root for event ring]
|__________cycle <------------------[ring cycle]
|__________dequeue <--------[ring dequeue pointer]
|__________enqueue <--------[ring enqueue pointer]
|__________trbs <-------------------[ring trbs]
|________devices <------------[root for devices]
|__________#slot_id <-----------[root for a device]
|____________name <-----------------[device name]
|____________slot-context <----------------[slot context]
|____________ep-context <-----------[endpoint contexts]
|____________ep#ep_index <--------[root for an endpoint]
|______________cycle <------------------[ring cycle]
|______________dequeue <--------[ring dequeue pointer]
|______________enqueue <--------[ring enqueue pointer]
|______________trbs <-------------------[ring trbs]
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
