github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
61a348857e
linux/drivers/usb
History
Uttkarsh Aggarwal 61a348857e usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend 
In current scenario if Plug-out and Plug-In performed continuously
there could be a chance while checking for dwc->gadget_driver in
dwc3_gadget_suspend, a NULL pointer dereference may occur.

Call Stack:

	CPU1:                           CPU2:
	gadget_unbind_driver            dwc3_suspend_common
	dwc3_gadget_stop                dwc3_gadget_suspend
                                        dwc3_disconnect_gadget

CPU1 basically clears the variable and CPU2 checks the variable.
Consider CPU1 is running and right before gadget_driver is cleared
and in parallel CPU2 executes dwc3_gadget_suspend where it finds
dwc->gadget_driver which is not NULL and resumes execution and then
CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where
it checks dwc->gadget_driver is already NULL because of which the
NULL pointer deference occur.

Cc: stable@vger.kernel.org
Fixes: 9772b47a4c ("usb: dwc3: gadget: Fix suspend/resume during device mode")
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
Link: https://lore.kernel.org/r/20240119094825.26530-1-quic_uaggarwa@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-27 16:39:03 -08:00
..
atm usb: ueagle-atm: Use wait_event_freezable_timeout() in uea_wait() 2024-01-04 15:57:29 +01:00
c67x00 USB: c67x00: Remove unused declaration c67x00_hcd_msg_received() 2023-10-02 16:42:33 +02:00
cdns3 usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled 2024-01-04 16:01:45 +01:00
chipidea usb: chipidea: wait controller resume finished for wakeup irq 2024-01-04 16:01:56 +01:00
class usb: cdc-acm: return correct error code on unsupported break 2023-12-15 13:52:47 +01:00
common Merge 6.5-rc6 into usb-next 2023-08-14 22:22:31 +02:00
core usb: core: Prevent null pointer dereference in update_port_device_state 2024-01-27 16:38:39 -08:00
dwc2 usb: dwc2: Disable clock gating feature on Rockchip SoCs 2024-01-02 14:35:23 +01:00
dwc3 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend 2024-01-27 16:39:03 -08:00
early
fotg210 USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
gadget usb: gadget: ncm: Fix endianness of wMaxSegmentSize variable in ecm_desc 2024-01-27 16:28:28 -08:00
host xhci: handle isoc Babble and Buffer Overrun events properly 2024-01-27 16:28:35 -08:00
image
isp1760 usb: isp1760: Convert to platform remove callback returning void 2023-05-28 12:38:01 +01:00
misc USB: core: Use device_driver directly in struct usb_driver and usb_device_driver 2024-01-04 16:06:32 +01:00
mon usb: mon: Fix atomicity violation in mon_bin_vma_fault 2024-01-05 10:36:08 +01:00
mtu3 usb: mtu3: Convert to platform remove callback returning void 2023-10-21 12:49:08 +02:00
musb Merge 6.6-rc6 into usb-next 2023-10-16 17:36:12 +02:00
phy usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() 2024-01-04 16:01:56 +01:00
renesas_usbhs usb: Explicitly include correct DT includes 2023-07-25 18:20:02 +02:00
roles USB: roles: make role_class a static const structure 2023-06-20 16:20:40 +02:00
serial USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
storage USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
typec USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
usbip USB: core: Use device_driver directly in struct usb_driver and usb_device_driver 2024-01-04 16:06:32 +01:00
Kconfig usb: pci-quirks: handle HAS_IOPORT dependency for AMD quirk 2023-10-02 16:19:12 +02:00
Makefile
usb-skeleton.c