linux-stable/drivers/usb
Badhri Jagan Sridharan fc2b655cb6 usb: typec: tcpm: Check for port partner validity before consuming it
commit ae11f04b45 upstream.

typec_register_partner() does not guarantee partner registration
to always succeed. In the event of failure, port->partner is set
to the error value or NULL. Given that port->partner validity is
not checked, this results in the following crash:

Unable to handle kernel NULL pointer dereference at virtual address xx
 pc : run_state_machine+0x1bc8/0x1c08
 lr : run_state_machine+0x1b90/0x1c08
..
 Call trace:
   run_state_machine+0x1bc8/0x1c08
   tcpm_state_machine_work+0x94/0xe4
   kthread_worker_fn+0x118/0x328
   kthread+0x1d0/0x23c
   ret_from_fork+0x10/0x20

To prevent the crash, check for port->partner validity before
dereferencing it in all the call sites.

Cc: stable@vger.kernel.org
Fixes: c97cd0b4b5 ("usb: typec: tcpm: set initial svdm version based on pd revision")
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20240427202812.3435268-1-badhri@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-17 12:15:00 +02:00
..
atm usb: ueagle-atm: Use wait_event_freezable_timeout() in uea_wait() 2024-01-04 15:57:29 +01:00
c67x00
cdns3 usb: cdns3: fix memory double free when handle zero packet 2024-02-19 09:30:41 +01:00
chipidea usb: chipidea: core: handle power lost in workqueue 2024-01-27 16:39:14 -08:00
class Revert "usb: cdc-wdm: close race between read and workqueue" 2024-04-27 17:13:00 +02:00
common usb: ulpi: Fix debugfs directory leak 2024-01-27 17:41:42 -08:00
core USB: core: Fix access violation during port device removal 2024-05-17 12:14:58 +02:00
dwc2 usb: dwc2: host: Fix dereference issue in DDMA completion flow. 2024-04-27 17:13:00 +02:00
dwc3 usb: dwc3: core: Prevent phy suspend during init 2024-05-17 12:14:59 +02:00
early
fotg210 USB / Thunderbolt changes for 6.8-rc1 2024-01-18 11:43:55 -08:00
gadget usb: gadget: f_fs: Fix a race condition when processing setup packets. 2024-05-17 12:14:59 +02:00
host usb: xhci-plat: Don't include xhci.h 2024-05-17 12:14:59 +02:00
image
isp1760
misc usb: misc: onboard_usb_hub: Disable the USB hub clock on failure 2024-04-27 17:12:57 +02:00
mon usb: mon: Fix atomicity violation in mon_bin_vma_fault 2024-01-05 10:36:08 +01:00
mtu3
musb
phy Revert "usb: phy: generic: Get the vbus supply" 2024-04-03 15:32:44 +02:00
renesas_usbhs
roles usb: roles: don't get/set_role() when usb_role_switch is unregistered 2024-02-19 09:30:41 +01:00
serial USB: serial: option: add Telit FN920C04 rmnet compositions 2024-04-27 17:13:00 +02:00
storage USB: UAS: return ENODEV when submit urbs fail with device not attached 2024-04-03 15:32:44 +02:00
typec usb: typec: tcpm: Check for port partner validity before consuming it 2024-05-17 12:15:00 +02:00
usbip USB: core: Use device_driver directly in struct usb_driver and usb_device_driver 2024-01-04 16:06:32 +01:00
Kconfig
Makefile
usb-skeleton.c