Received: by 2002:a17:90b:8d0:0:0:0:0 with SMTP id ds16csp4878728pjb; Mon, 27 Jul 2020 07:26:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyG9RirzAqYSaTesXyDV9QrP3OVdHJL6DF6uxyIa2r9nv4ATIye6STQCgMebz4+EOJgH1KW X-Received: by 2002:a05:6402:304b:: with SMTP id bu11mr3391462edb.106.1595859987736; Mon, 27 Jul 2020 07:26:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595859987; cv=none; d=google.com; s=arc-20160816; b=pxySigSmmPv+Y3YQQVA/+jI2AJysO0RIR0MOFEu4kAhkmLCB5QORyBleZ72xsq8rX+ gAUCexDRafBbp9w4U3/6j7U7wOPNAuQlq209E9KpLMlLtrzEZUZ085uHVfEOJhoSNHak P74wQJiUeT95wfuRUV7WHvQtGU2iwb8TIyJbYkel3wbQaThyfk9sZaktquSa9SOytfMI a+Cn8W1z+vE8gbXQ7qcTEAtSo+cpEnJyhnzKCNVwakT5lbjOguyJepqq7EtIjhzuUJN4 N8lXuskRtixa+raVlx159ZYjUBOo5RlaaYO6hEiY09kTnhcRawYJspEpCHvD2k9MyKoR xRpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jRjryDnTquT+WctMPtyyHMNCFDOVAKcSFmo9BPVXPZs=; b=nx5p1U9Gvc6pJwgt/pu4iQkk04TWLF28AYW0P4dkGJvv8GareqHZ/iGQCI2C0HFW0R PDMAS6+AubhqHg1xe8h/dBZ7gF1LIaOd0XWbUHZD1exj6khKtKsbXdjpgAOoDIXWoMZh IpZdIVWohHHS0wQUxNRVCtg2t5a5zbCCHzQHgj9jv4UAZAWu9CPM33ggOcsHn4h/c2J0 5q4UjU9FVzJHpyHjPlOIMVDee9aBogpSg5tAnD42qoNsd3G0RK0jtMbe5Gm9al3cR6wh 67ExmXznKu/oQEQzhoGALw4yHScpnvPWkfVrmPw8u0S0eJnO64N0UwHZzxz5QO0E28xg oj8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=dfVvoRer; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id jp14si5463171ejb.93.2020.07.27.07.26.05; Mon, 27 Jul 2020 07:26:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=dfVvoRer; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731727AbgG0OYr (ORCPT + 99 others); Mon, 27 Jul 2020 10:24:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:54384 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730619AbgG0OYl (ORCPT ); Mon, 27 Jul 2020 10:24:41 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D29BF208E4; Mon, 27 Jul 2020 14:24:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595859881; bh=weRdGSoG9bjwzupYqd5vwcpAZAB7vdEjth1Z4RV9UpU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dfVvoRerQEYlNEKQ+0xSD09BhPNT5CRk6jiJjQijlkc9hElFnfG/eIq3vmlu75ZvL pAXBJEPpgFmMR+4WnxGKVqEHRfpd0YLr5Haq5R8l44ZfAGWzrOpFux+5yokC2Qxl1o Dt77h06RJmP6HbPynM0WxewEIzmrhoAjfvhnolYQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jon Hunter , Thierry Reding Subject: [PATCH 5.7 141/179] usb: tegra: Fix allocation for the FPCI context Date: Mon, 27 Jul 2020 16:05:16 +0200 Message-Id: <20200727134939.503608590@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200727134932.659499757@linuxfoundation.org> References: <20200727134932.659499757@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jon Hunter commit 0b987032f8b58ef51cc8a042f46cc0cf1f277172 upstream. Commit 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore") is using the IPFS 'num_offsets' value when allocating memory for FPCI context instead of the FPCI 'num_offsets'. After commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") was added system suspend started failing on Tegra186. The kernel log showed that the Tegra XHCI driver was crashing on entry to suspend when attempting the save the USB context. On Tegra186, the IPFS context has a zero length but the FPCI content has a non-zero length, and because of the bug in the Tegra XHCI driver we are incorrectly allocating a zero length array for the FPCI context. The crash seen on entering suspend when we attempt to save the FPCI context and following commit cad064f1bd52 ("devres: handle zero size in devm_kmalloc()") this now causes a NULL pointer deference when we access the memory. Fix this by correcting the amount of memory we are allocating for FPCI contexts. Cc: stable@vger.kernel.org Fixes: 5c4e8d3781bc ("usb: host: xhci-tegra: Add support for XUSB context save/restore") Signed-off-by: Jon Hunter Acked-by: Thierry Reding Link: https://lore.kernel.org/r/20200715113842.30680-1-jonathanh@nvidia.com Signed-off-by: Greg Kroah-Hartman --- drivers/usb/host/xhci-tegra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/usb/host/xhci-tegra.c +++ b/drivers/usb/host/xhci-tegra.c @@ -856,7 +856,7 @@ static int tegra_xusb_init_context(struc if (!tegra->context.ipfs) return -ENOMEM; - tegra->context.fpci = devm_kcalloc(tegra->dev, soc->ipfs.num_offsets, + tegra->context.fpci = devm_kcalloc(tegra->dev, soc->fpci.num_offsets, sizeof(u32), GFP_KERNEL); if (!tegra->context.fpci) return -ENOMEM;