leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fa2dfd0ec2
linux/drivers/usb/host
History
Zhengjun Xing fa2dfd0ec2 xhci: Fix NULL pointer in xhci debugfs 
Commit dde634057d ("xhci: Fix use-after-free in xhci debugfs") causes a
null pointer dereference while fixing xhci-debugfs usage of ring pointers
that were freed during hibernate.

The fix passed addresses to ring pointers instead, but forgot to do this
change for the xhci_ring_trb_show function.

The address of the ring pointer passed to xhci-debugfs was of a temporary
ring pointer "new_ring" instead of the actual ring "ring" pointer. The
temporary new_ring pointer will be set to NULL later causing the NULL
pointer dereference.

This issue was seen when reading xhci related files in debugfs:

cat /sys/kernel/debug/usb/xhci/*/devices/*/ep*/trbs

[  184.604861] BUG: unable to handle kernel NULL pointer dereference at (null)
[  184.613776] IP: xhci_ring_trb_show+0x3a/0x890
[  184.618733] PGD 264193067 P4D 264193067 PUD 263238067 PMD 0
[  184.625184] Oops: 0000 [#1] SMP
[  184.726410] RIP: 0010:xhci_ring_trb_show+0x3a/0x890
[  184.731944] RSP: 0018:ffffba8243c0fd90 EFLAGS: 00010246
[  184.737880] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000295d6
[  184.746020] RDX: 00000000000295d5 RSI: 0000000000000001 RDI: ffff971a6418d400
[  184.754121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  184.762222] R10: ffff971a64c98a80 R11: ffff971a62a00e40 R12: ffff971a62a85500
[  184.770325] R13: 0000000000020000 R14: ffff971a6418d400 R15: ffff971a6418d400
[  184.778448] FS:  00007fe725a79700(0000) GS:ffff971a6ec00000(0000) knlGS:0000000000000000
[  184.787644] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.794168] CR2: 0000000000000000 CR3: 000000025f365005 CR4: 00000000003606f0
[  184.802318] Call Trace:
[  184.805094]  ? seq_read+0x281/0x3b0
[  184.809068]  seq_read+0xeb/0x3b0
[  184.812735]  full_proxy_read+0x4d/0x70
[  184.817007]  __vfs_read+0x23/0x120
[  184.820870]  vfs_read+0x91/0x130
[  184.824538]  SyS_read+0x42/0x90
[  184.828106]  entry_SYSCALL_64_fastpath+0x1a/0x7d

Fixes: dde634057d ("xhci: Fix use-after-free in xhci debugfs")
Cc: <stable@vger.kernel.org> # v4.15
Signed-off-by: Zhengjun Xing <zhengjun.xing@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-15 18:36:19 +01:00
..
whci USB: host: whci: remove redundant variable t 2017-11-28 15:08:43 +01:00
bcma-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-atmel.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-dbg.c usb: host: fix incorrect updating of offset 2017-11-28 15:17:48 +01:00
ehci-exynos.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-fsl.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-fsl.h USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-grlib.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-hcd.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-hub.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-mem.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-mv.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-mxc.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-omap.c usb: ehci-omap: don't complain on -EPROBE_DEFER when no PHY found 2018-01-22 15:34:38 +01:00
ehci-orion.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-pci.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-platform.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-pmcmsp.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ehci-ps3.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-q.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-sched.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-sh.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-spear.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-st.c pinctrl: files should directly include apis they use 2018-02-05 09:41:54 -08:00
ehci-sysfs.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
ehci-tegra.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-tilegx.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-timer.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-w90x900.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-xilinx-of.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci.h USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-dbg.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-hcd.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-hub.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-mem.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-q.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-sched.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-tds.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci.h USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fotg210-hcd.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
fotg210.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fsl-mph-dr-of.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
hwa-hc.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-dbg.c USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-hcd.c USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-hcd.h USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
isp116x-hcd.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
isp116x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
isp1362-hcd.c usb: host: isp1362-hcd: remove a couple of redundant assignments 2017-11-07 15:52:29 +01:00
isp1362.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig usb: xhci: Add DbC support in xHCI driver 2017-12-08 17:43:52 +01:00
Makefile usb: xhci: Add DbC support in xHCI driver 2017-12-08 17:43:52 +01:00
max3421-hcd.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-at91.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-da8xx.c USB: ohci: da8xx: remove clk con_id 2018-01-09 16:15:19 +01:00
ohci-dbg.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-exynos.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ohci-hub.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-mem.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-nxp.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-omap.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-pci.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-platform.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-ps3.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-pxa27x.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-q.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-s3c2410.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sa1111.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sm501.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-spear.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-st.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-tilegx.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-tmio.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci.h USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
oxu210hp-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
oxu210hp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci-quirks.c xhci: workaround for AMD Promontory disabled ports wakeup 2018-02-15 18:36:19 +01:00
pci-quirks.h xhci: workaround for AMD Promontory disabled ports wakeup 2018-02-15 18:36:19 +01:00
r8a66597-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
r8a66597.h USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
sl811_cs.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
sl811-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
sl811.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ssb-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
u132-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
uhci-debug.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-grlib.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-hcd.c USB: host: Use zeroing memory allocator rather than allocator/memset 2018-01-04 17:03:15 +01:00
uhci-hcd.h usb: uhci: Add clk support to uhci-platform 2018-01-17 15:08:56 +01:00
uhci-hub.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-pci.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-platform.c usb: uhci: Add clk support to uhci-platform 2018-01-17 15:08:56 +01:00
uhci-q.c USB: remove the URB_NO_FSBR flag 2017-12-12 13:16:07 +01:00
xhci-dbg.c usb: xhci: Cleanup printk debug message for ERST 2017-12-08 17:43:52 +01:00
xhci-dbgcap.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
xhci-dbgcap.h usb: xhci: Add DbC support in xHCI driver 2017-12-08 17:43:52 +01:00
xhci-dbgtty.c usb: xhci: make function xhci_dbc_free_req static 2017-12-12 13:16:07 +01:00
xhci-debugfs.c xhci: Fix NULL pointer in xhci debugfs 2018-02-15 18:36:19 +01:00
xhci-debugfs.h USB: host: xhci-debugfs: add SPDX lines 2017-11-07 15:53:48 +01:00
xhci-ext-caps.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-hub.c xhci: Don't print a warning when setting link state for disabled ports 2018-02-15 18:36:19 +01:00
xhci-mem.c USB: host: Use zeroing memory allocator rather than allocator/memset 2018-01-04 17:03:15 +01:00
xhci-mtk-sch.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mtk.c usb: xhci-mtk: fix semicolon.cocci warnings 2018-01-16 10:01:01 +01:00
xhci-mtk.h usb: xhci-mtk: supports remote wakeup for mt2712 with two xHCI IPs 2018-01-09 16:21:28 +01:00
xhci-mvebu.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mvebu.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-pci.c xhci: workaround for AMD Promontory disabled ports wakeup 2018-02-15 18:36:19 +01:00
xhci-plat.c usb: xhci: allow imod-interval to be configurable 2017-12-08 17:43:52 +01:00
xhci-plat.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-rcar.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-rcar.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-ring.c Merge 4.15-rc4 into usb-next 2017-12-18 09:08:05 +01:00
xhci-tegra.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-trace.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-trace.h xhci: add port status tracing for Get Hub Status requests 2017-12-08 17:43:53 +01:00
xhci.c Merge 4.15.0-rc6 into usb-next 2018-01-02 15:13:41 +01:00
xhci.h xhci: workaround for AMD Promontory disabled ports wakeup 2018-02-15 18:36:19 +01:00