redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/usb/host
History
Mathias Nyman 2278446e2b xhci: Fix USB3 NULL pointer dereference at logical disconnect. 
Hub driver will try to disable a USB3 device twice at logical disconnect,
racing with xhci_free_dev() callback from the first port disable.

This can be triggered with "udisksctl power-off --block-device <disk>"
or by writing "1" to the "remove" sysfs file for a USB3 device
in 4.17-rc4.

USB3 devices don't have a similar disabled link state as USB2 devices,
and use a U3 suspended link state instead. In this state the port
is still enabled and connected.

hub_port_connect() first disconnects the device, then later it notices
that device is still enabled (due to U3 states) it will try to disable
the port again (set to U3).

The xhci_free_dev() called during device disable is async, so checking
for existing xhci->devs[i] when setting link state to U3 the second time
was successful, even if device was being freed.

The regression was caused by, and whole thing revealed by,
Commit 44a182b9d1 ("xhci: Fix use-after-free in xhci_free_virt_device")
which sets xhci->devs[i]->udev to NULL before xhci_virt_dev() returned.
and causes a NULL pointer dereference the second time we try to set U3.

Fix this by checking xhci->devs[i]->udev exists before setting link state.

The original patch went to stable so this fix needs to be applied there as
well.

Fixes: 44a182b9d1 ("xhci: Fix use-after-free in xhci_free_virt_device")
Cc: <stable@vger.kernel.org>
Reported-by: Jordan Glover <Golden_Miller83@protonmail.ch>
Tested-by: Jordan Glover <Golden_Miller83@protonmail.ch>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-14 11:05:53 +02:00
..
whci USB: host: whci: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-03-09 09:31:26 -08:00
bcma-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-atmel.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-dbg.c usb: host: fix incorrect updating of offset 2017-11-28 15:17:48 +01:00
ehci-exynos.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-fsl.c usb: add a flag to skip PHY initialization to struct usb_hcd 2018-03-09 09:43:52 -08:00
ehci-fsl.h USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-grlib.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-hcd.c usb: host: remove tilegx platform glue 2018-03-26 15:57:10 +02:00
ehci-hub.c usb: host: ehci: use correct device pointer for dma ops 2018-02-15 18:43:57 +01:00
ehci-mem.c Revert "usb: host: ehci: Use dma_pool_zalloc()" 2018-05-04 14:35:12 -07:00
ehci-mv.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-mxc.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-omap.c usb: ehci-omap: don't complain on -EPROBE_DEFER when no PHY found 2018-01-22 15:34:38 +01:00
ehci-orion.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-pci.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-platform.c usb: host: ehci-platform: remove custom USB PHY handling 2018-03-09 09:43:53 -08:00
ehci-pmcmsp.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ehci-ps3.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-q.c usb: host: ehci: always enable interrupt for qtd completion at test mode 2018-02-15 18:45:34 +01:00
ehci-sched.c Revert "usb: host: ehci: Use dma_pool_zalloc()" 2018-05-04 14:35:12 -07:00
ehci-sh.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-spear.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-st.c pinctrl: files should directly include apis they use 2018-02-05 09:41:54 -08:00
ehci-sysfs.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
ehci-tegra.c usb: add a flag to skip PHY initialization to struct usb_hcd 2018-03-09 09:43:52 -08:00
ehci-timer.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-w90x900.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci-xilinx-of.c USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ehci.h USB: host: ehci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-dbg.c USB: host: fhci: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-03-09 09:31:25 -08:00
fhci-hcd.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-hub.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-mem.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-q.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-sched.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci-tds.c USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fhci.h USB: host: fhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
fotg210-hcd.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
fotg210.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fsl-mph-dr-of.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
hwa-hc.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-dbg.c USB: host: imx21: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-03-09 09:31:26 -08:00
imx21-hcd.c USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
imx21-hcd.h USB: host: imx21: Remove redundant license text 2017-11-07 15:45:02 +01:00
isp116x-hcd.c USB: host: isp116x: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-03-09 09:31:26 -08:00
isp116x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
isp1362-hcd.c usb: host: isp1362-hcd: remove a couple of redundant assignments 2017-11-07 15:52:29 +01:00
isp1362.h usb: isp1362: remove blackfin arch glue 2018-03-26 15:57:14 +02:00
Kconfig USB/PHY patches for 4.17-rc1 2018-04-04 17:55:35 -07:00
Makefile xhci: Add Intel extended cap / otg phy mux handling 2018-03-22 13:40:10 +01:00
max3421-hcd.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-at91.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-da8xx.c USB: ohci: da8xx: remove clk con_id 2018-01-09 16:15:19 +01:00
ohci-dbg.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-exynos.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-hcd.c arch: remove obsolete architecture ports 2018-04-02 20:20:12 -07:00
ohci-hub.c ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() 2018-02-15 18:43:57 +01:00
ohci-mem.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-nxp.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-omap.c usb: add a flag to skip PHY initialization to struct usb_hcd 2018-03-09 09:43:52 -08:00
ohci-pci.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-platform.c usb: host: ohci-platform: remove custom USB PHY handling 2018-03-09 09:43:53 -08:00
ohci-ppc-of.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-ps3.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-pxa27x.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-q.c usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() 2018-02-15 18:45:34 +01:00
ohci-s3c2410.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sa1111.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-sm501.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ohci-spear.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-st.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci-tmio.c USB: host: ohci: Remove redundant license text 2017-11-07 15:45:02 +01:00
ohci.h USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
oxu210hp-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
oxu210hp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pci-quirks.c xhci: workaround for AMD Promontory disabled ports wakeup 2018-02-15 18:36:19 +01:00
pci-quirks.h xhci: workaround for AMD Promontory disabled ports wakeup 2018-02-15 18:36:19 +01:00
r8a66597-hcd.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
r8a66597.h USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
sl811-hcd.c USB: host: sl811: Re-use DEFINE_SHOW_ATTRIBUTE() macro 2018-03-16 15:40:19 +01:00
sl811.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sl811_cs.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
ssb-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
u132-hcd.c USB: host: Remove redundant license text 2017-11-07 15:45:02 +01:00
uhci-debug.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-grlib.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-hcd.c USB: host: Use zeroing memory allocator rather than allocator/memset 2018-01-04 17:03:15 +01:00
uhci-hcd.h usb: uhci: Add clk support to uhci-platform 2018-01-17 15:08:56 +01:00
uhci-hub.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-pci.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
uhci-platform.c usb: uhci: Add clk support to uhci-platform 2018-01-17 15:08:56 +01:00
uhci-q.c USB: remove the URB_NO_FSBR flag 2017-12-12 13:16:07 +01:00
xhci-dbg.c usb: xhci: Cleanup printk debug message for ERST 2017-12-08 17:43:52 +01:00
xhci-dbgcap.c usb: xhci: dbc: Fix lockdep warning 2018-03-08 09:06:53 -08:00
xhci-dbgcap.h usb: xhci: Add DbC support in xHCI driver 2017-12-08 17:43:52 +01:00
xhci-dbgtty.c xhci: Fix Kernel oops in xhci dbgtty 2018-04-22 15:23:37 +02:00
xhci-debugfs.c xhci: Fix NULL pointer in xhci debugfs 2018-02-15 18:36:19 +01:00
xhci-debugfs.h USB: host: xhci-debugfs: add SPDX lines 2017-11-07 15:53:48 +01:00
xhci-ext-caps.c xhci: Add Intel extended cap / otg phy mux handling 2018-03-22 13:40:10 +01:00
xhci-ext-caps.h xhci: Add Intel extended cap / otg phy mux handling 2018-03-22 13:40:10 +01:00
xhci-hub.c xhci: Fix USB3 NULL pointer dereference at logical disconnect. 2018-05-14 11:05:53 +02:00
xhci-mem.c xhci: zero usb device slot_id member when disabling and freeing a xhci slot 2018-03-16 15:40:18 +01:00
xhci-mtk-sch.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mtk.c usb: host: xhci-mtk: remove custom USB PHY handling 2018-03-09 09:43:53 -08:00
xhci-mtk.h usb: xhci-mtk: supports remote wakeup for mt2712 with two xHCI IPs 2018-01-09 16:21:28 +01:00
xhci-mvebu.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-mvebu.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-pci.c xhci: Fix USB ports for Dell Inspiron 5775 2018-04-20 16:24:20 +02:00
xhci-plat.c Revert "xhci: plat: Register shutdown for xhci_plat" 2018-04-22 14:45:12 +02:00
xhci-plat.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-rcar.c usb: host: xhci-rcar: add support for r8a77965 2018-03-08 10:07:44 -08:00
xhci-rcar.h USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-ring.c xhci: Clear the host side toggle manually when endpoint is soft reset 2018-03-16 15:40:19 +01:00
xhci-tegra.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-trace.c USB: host: xhci: Remove redundant license text 2017-11-07 15:45:02 +01:00
xhci-trace.h xhci: add port status tracing for Get Hub Status requests 2017-12-08 17:43:53 +01:00
xhci.c xhci: Fix use-after-free in xhci_free_virt_device 2018-05-03 08:55:32 -07:00
xhci.h usb: host: xhci-plat: Fix clock resource by adding a register clock 2018-04-20 16:24:20 +02:00