Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp1037346pxb; Thu, 17 Feb 2022 22:17:56 -0800 (PST) X-Google-Smtp-Source: ABdhPJxBWut10SQMQF6FqDX3XUDvSl89LFpWFNc/zyA3LIDm+uS3eYD9c4+N12TJWH163PVnruU1 X-Received: by 2002:a17:907:f81:b0:6ce:7247:557d with SMTP id kb1-20020a1709070f8100b006ce7247557dmr5272587ejc.308.1645165076678; Thu, 17 Feb 2022 22:17:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645165076; cv=none; d=google.com; s=arc-20160816; b=j+dRJg7DND85R3MI7YaIJ0A+uMfXigtlzN/hmXtD/6xLDL20ckanbR1+zQF0qwTh1i JsMKVmCx2rVnV9bPDQcoAkAB/FQDuv7EVW4v7XFKH3gxf4mUFYB1LVJZyZVt8dE894hD Q5YAQ1t5BxOMQ+EoCWDZYi8ZZ7KX/kl34uZ4mJOZQuxx8j5qRg+sUSEsnmrwUxAxeKh1 ma/UGGG2bcCS9y/drZJrZ9J0m6V+61I/i+Gt9spgxYjOJsogXbOmmAwzbE2Mz1ORRwYw JG9Ux0OUtlZSELQGPBoN8Rw7At9qIxUKfNn63KvZjuglgYjTA08hcJezR4m5R+3KMtYd oh1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:dlp-filter:cms-type:message-id:date :subject:cc:to:from:dkim-signature:dkim-filter; bh=/3mzPEe2xJULE51u7JXzlalFBnc6s+qxmL4k9iF36qk=; b=rR4EvTjpHJQo1ja7UZj3NnWKXj/h5oeZbeQDoS2RFfRKgkuHugl2sBFzjdYEd7f1Yw kSeoYnPgTc6EOL28ziDDTgVGhM4FpUxmQvuO0uGUCh4xeibJnnY8d9/LhOdaklmRkQqg jGgQAV8iW2TN7i+nXeTCqkzXYNeBOE8QpVztKaZqwgnAb+AN6JDCLRJ4ho4GGaNpJ1Gh 9ryD6ZJtQI8PCk4lKRbr7kFR6fo4MXxpCVWOGAtmSPPYTqILxDvLNppoeggcD8IpYKVb W7QL8/PgBOhUL1xQVvFj+o+eazN0yHh46BIbhnw+HGCIC9xfNJXcLlkkCcAi3bpuwDkm xt5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@samsung.com header.s=mail20170921 header.b=IOgyoh+M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=samsung.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gb16si3534330ejc.205.2022.02.17.22.17.33; Thu, 17 Feb 2022 22:17:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@samsung.com header.s=mail20170921 header.b=IOgyoh+M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=samsung.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230203AbiBRFc5 (ORCPT + 99 others); Fri, 18 Feb 2022 00:32:57 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:46448 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229719AbiBRFcz (ORCPT ); Fri, 18 Feb 2022 00:32:55 -0500 Received: from mailout4.samsung.com (mailout4.samsung.com [203.254.224.34]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24B0FC559D for ; Thu, 17 Feb 2022 21:32:38 -0800 (PST) Received: from epcas2p3.samsung.com (unknown [182.195.41.55]) by mailout4.samsung.com (KnoxPortal) with ESMTP id 20220218053236epoutp04d67600e141d552f32b35a6fe613eed3a~UynJITs8h0102201022epoutp04L for ; Fri, 18 Feb 2022 05:32:36 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout4.samsung.com 20220218053236epoutp04d67600e141d552f32b35a6fe613eed3a~UynJITs8h0102201022epoutp04L DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1645162356; bh=/3mzPEe2xJULE51u7JXzlalFBnc6s+qxmL4k9iF36qk=; h=From:To:Cc:Subject:Date:References:From; b=IOgyoh+MoY/MgpVLucr4g5foDKwvLI+4dsgWENDLkFTtCRtAcRLs1pY0aHyVL/83L sx6bkZfnraPSZzUBsObY3s34lu3Uw/73Pfom8N2FtNxAyOUGcqykqPuvCmPRcg6qp/ slMIX8c0h9V9dsgykhClWU3LIEMekMIo6I/UhNMY= Received: from epsnrtp2.localdomain (unknown [182.195.42.163]) by epcas2p2.samsung.com (KnoxPortal) with ESMTP id 20220218053235epcas2p214e20afb27d5b392e217de4f3ad36f56~UynIU6IzB2212722127epcas2p29; Fri, 18 Feb 2022 05:32:35 +0000 (GMT) Received: from epsmges2p4.samsung.com (unknown [182.195.36.68]) by epsnrtp2.localdomain (Postfix) with ESMTP id 4K0L1W404jz4x9QH; Fri, 18 Feb 2022 05:32:31 +0000 (GMT) Received: from epcas2p1.samsung.com ( [182.195.41.53]) by epsmges2p4.samsung.com (Symantec Messaging Gateway) with SMTP id EE.44.12141.8DE2F026; Fri, 18 Feb 2022 14:30:00 +0900 (KST) Received: from epsmtrp1.samsung.com (unknown [182.195.40.13]) by epcas2p1.samsung.com (KnoxPortal) with ESMTPA id 20220218053230epcas2p1c63c8b28e7448988727221e0265c64fc~UynEN5-xG1023810238epcas2p1K; Fri, 18 Feb 2022 05:32:30 +0000 (GMT) Received: from epsmgms1p1new.samsung.com (unknown [182.195.42.41]) by epsmtrp1.samsung.com (KnoxPortal) with ESMTP id 20220218053230epsmtrp14a3ed867cd919c7c3bd637ec45f950b5~UynENfylY1115011150epsmtrp15; Fri, 18 Feb 2022 05:32:30 +0000 (GMT) X-AuditID: b6c32a48-d5dff70000002f6d-73-620f2ed88aa8 Received: from epsmtip2.samsung.com ( [182.195.34.31]) by epsmgms1p1new.samsung.com (Symantec Messaging Gateway) with SMTP id 8C.05.29871.E6F2F026; Fri, 18 Feb 2022 14:32:30 +0900 (KST) Received: from ubuntu.dsn.sec.samsung.com (unknown [12.36.155.120]) by epsmtip2.samsung.com (KnoxPortal) with ESMTPA id 20220218053230epsmtip20d5ee0b0180143f058cd5ab95033a8b0~UynD9r6p_1926019260epsmtip2K; Fri, 18 Feb 2022 05:32:30 +0000 (GMT) From: Daehwan Jung To: Felipe Balbi , Greg Kroah-Hartman , Muchun Song , Andrew Morton , Christian Brauner , Stephen Rothwell Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org (open list), Daehwan Jung Subject: usb: gadget: function: add spinlock for rndis response list Date: Fri, 18 Feb 2022 14:29:55 +0900 Message-Id: <1645162195-54476-1-git-send-email-dh10.jung@samsung.com> X-Mailer: git-send-email 2.7.4 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrKKsWRmVeSWpSXmKPExsWy7bCmqe4NPf4kgyXPJS3mrF/DZnGs7Qm7 xdZviRZ3FkxjsmhevJ7N4vKuOWwWi5a1Mlts3XuV3eLg/XPMDpwe/06sYfNovHGDzWPTqk42 jxMzfrN47J+7ht2jb8sqRo8Hk94wenzeJBfAEZVtk5GamJJapJCal5yfkpmXbqvkHRzvHG9q ZmCoa2hpYa6kkJeYm2qr5OIToOuWmQN0npJCWWJOKVAoILG4WEnfzqYov7QkVSEjv7jEVim1 ICWnwLxArzgxt7g0L10vL7XEytDAwMgUqDAhO2PXhL+MBdPEK2ZNe8rcwLheuIuRk0NCwERi w8bbbCC2kMAORolJS1W6GLmA7E+MEmc/9bFBON8YJZrebWeD6fi/9B0rRGIvo8S9OZOhnB9A VRtfAzkcHGwCWhLfFzKCxEUEOpgkHq5fwQrSzSyQL/Hq6m0WEFtYwEXixdRZTCA2i4CqxNTX W8FsXgFXibbm+4wQ2+Qkbp7rZAYZJCFwiV3i04r1zCALJICat9yB+kFY4tXxLewQtpTEy/42 KLtYYtenViaI3gZGicYHJ5ghEsYSs561M4LMYRbQlFi/Sx9ipLLEkVssEGfySXQc/ssOEeaV 6GgTgmhUlph+eQIrhC0pcfD1OahjPCTev/eCBGKsRO/PW0wTGGVnIYxfwMi4ilEstaA4Nz21 2KjABB5Fyfm5mxjB6U3LYwfj7Lcf9A4xMnEwHmKU4GBWEuH9cJA3SYg3JbGyKrUoP76oNCe1 +BCjKTC0JjJLiSbnAxNsXkm8oYmlgYmZmaG5kamBuZI4r1fKhkQhgfTEktTs1NSC1CKYPiYO TqkGJrNYseMnN2x58H/9nFsf24K+cSQUWWzcxr3vicLLyLLELWx8jwRvpUbxnpmvvyDzf1BP xsoOxevvrR7WBNctVs9nruPcon5Yrlz0SkT889QTOhsms5QleV3rEtZS3/7zovAjV8lepV0r xWJu3sg71jjTOldCfMFC8Y/27gs4ohYJ7fwnIrqm7ll5tZ5Z77bnP9/tPlv/nX+zqG5064oN Xbf94ybGKfPXOx2SV9n27WK9p9mFjUVdO9qWa76uWjuvxX0Vd/qBs9YK538c2uCidFpe4Nvk +gOWFqsOdCtVNPzZKyDRYXJYRT1WyWGdm5PrivN8K7pz5mhISwka6vz2Z1+gkHJ9uUSxwYlD dQbsSizFGYmGWsxFxYkAbS2u8PgDAAA= X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprOLMWRmVeSWpSXmKPExsWy7bCSvG6ePn+SwaLzqhZz1q9hszjW9oTd Yuu3RIs7C6YxWTQvXs9mcXnXHDaLRctamS227r3KbnHw/jlmB06PfyfWsHk03rjB5rFpVSeb x4kZv1k89s9dw+7Rt2UVo8eDSW8YPT5vkgvgiOKySUnNySxLLdK3S+DK2DXhL2PBNPGKWdOe MjcwrhfuYuTkkBAwkfi/9B1rFyMXh5DAbkaJ57+/MUEkJCWWzr3BDmELS9xvOQJV9I1Rov3r QZYuRg4ONgEtie8LGUHiIgI9TBLTT68Ha2AWKJQ4tGgRmC0s4CLxYuossKEsAqoSU19vBbN5 BVwl2prvM0IskJO4ea6TeQIjzwJGhlWMkqkFxbnpucWGBYZ5qeV6xYm5xaV56XrJ+bmbGMFh p6W5g3H7qg96hxiZOBgPMUpwMCuJ8H44yJskxJuSWFmVWpQfX1Sak1p8iFGag0VJnPdC18l4 IYH0xJLU7NTUgtQimCwTB6dUA9MK1t71LWJ2/BdCeq/2b8rgfiZyY9+y6t3vX9Uwu7z12t02 0cN5S9DElISizzvyZpWuTn7LOTuYYyLb7sPbhDxjou7sn7Q3pHP6B74AzfIdS74oXYxiXiCu ne5u4hu7PfAA57n2g4szKuW/uXh8VFZc7S0cIZIb2Punr3CvQetC/XRvI6WK07873n64IOqz 9L91yRG2XOYJx7ws7U9cmRmxouZFHn97y5WNl3LunphTaSB4bdXzR4cvBJ2J/z0p17B42pr6 iVaTX53a3FwsJbZqkdP+Expq4dxHW0SClOXnKV+8GefxScxhwnPV7tdJ0bPOSZ3u9n9/6PQe Vr27PTkz5D/c/hXDen3XB8afV/YpsRRnJBpqMRcVJwIAiV8/hKoCAAA= X-CMS-MailID: 20220218053230epcas2p1c63c8b28e7448988727221e0265c64fc X-Msg-Generator: CA Content-Type: text/plain; charset="utf-8" X-Sendblock-Type: AUTO_CONFIDENTIAL CMS-TYPE: 102P DLP-Filter: Pass X-CFilter-Loop: Reflected X-CMS-RootMailID: 20220218053230epcas2p1c63c8b28e7448988727221e0265c64fc References: X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There's no lock for rndis response list. It could cause list corruption if two different list_add at the same time like below. It's better to add in rndis_add_response / rndis_free_response / rndis_get_next_response to prevent any race condition on response list. [ 361.894299] [1: irq/191-dwc3:16979] list_add corruption. next->prev should be prev (ffffff80651764d0), but was ffffff883dc36f80. (next=ffffff80651764d0). [ 361.904380] [1: irq/191-dwc3:16979] Call trace: [ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90 [ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0 [ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84 [ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4 [ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60 [ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0 [ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc [ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc [ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec [ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c Fixes: f6281af9d62e ("usb: gadget: rndis: use list_for_each_entry_safe") Signed-off-by: Daehwan Jung --- drivers/usb/gadget/function/rndis.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/usb/gadget/function/rndis.c b/drivers/usb/gadget/function/rndis.c index b7ccf1803656..b4d58324e2d2 100644 --- a/drivers/usb/gadget/function/rndis.c +++ b/drivers/usb/gadget/function/rndis.c @@ -1011,16 +1011,21 @@ void rndis_add_hdr(struct sk_buff *skb) } EXPORT_SYMBOL_GPL(rndis_add_hdr); +/* add spinlock to prevent race condition for rndis response list */ +static DEFINE_SPINLOCK(resp_lock); + void rndis_free_response(struct rndis_params *params, u8 *buf) { rndis_resp_t *r, *n; + spin_lock(&resp_lock); list_for_each_entry_safe(r, n, ¶ms->resp_queue, list) { if (r->buf == buf) { list_del(&r->list); kfree(r); } } + spin_unlock(&resp_lock); } EXPORT_SYMBOL_GPL(rndis_free_response); @@ -1030,14 +1035,17 @@ u8 *rndis_get_next_response(struct rndis_params *params, u32 *length) if (!length) return NULL; + spin_lock(&resp_lock); list_for_each_entry_safe(r, n, ¶ms->resp_queue, list) { if (!r->send) { r->send = 1; *length = r->length; + spin_unlock(&resp_lock); return r->buf; } } + spin_unlock(&resp_lock); return NULL; } EXPORT_SYMBOL_GPL(rndis_get_next_response); @@ -1054,7 +1062,9 @@ static rndis_resp_t *rndis_add_response(struct rndis_params *params, u32 length) r->length = length; r->send = 0; + spin_lock(&resp_lock); list_add_tail(&r->list, ¶ms->resp_queue); + spin_unlock(&resp_lock); return r; } -- 2.31.1