Date: Sat, 6 May 2023 11:45:31 -0400
From: Alan Stern
To: Prashanth K
Cc: Greg Kroah-Hartman, Xiu Jianfeng, Christophe JAILLET, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] usb: gadget: u_serial: Add null pointer check in gserial_suspend

On Fri, May 05, 2023 at 02:48:37PM +0530, Prashanth K wrote:
> Consider a case where gserial_disconnect has already cleared
> gser->ioport. And if gserial_suspend gets called afterwards,
> it will lead to accessing of gser->ioport and thus causing
> null pointer dereference.
>
> Avoid this by adding a null pointer check. Added a static
> spinlock to prevent gser->ioport from becoming null after
> the newly added null pointer check.
>
> Fixes: aba3a8d01d62 ("usb: gadget: u_serial: add suspend resume callbacks")
> Signed-off-by: Prashanth K
> ---
> drivers/usb/gadget/function/u_serial.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c > index a0ca47f..e5d522d 100644 > --- a/drivers/usb/gadget/function/u_serial.c > +++ b/drivers/usb/gadget/function/u_serial.c 
> @@ -1420,10 +1420,19 @@ EXPORT_SYMBOL_GPL(gserial_disconnect); > > void gserial_suspend(struct gserial *gser) > { > - struct gs_port *port = gser->ioport; > + struct gs_port *port; > unsigned long flags; > > - spin_lock_irqsave(&port->port_lock, flags); > + spin_lock_irqsave(&serial_port_lock, flags); > + port = gser->ioport; > + > + if (!port) { > + spin_unlock_irqrestore(&serial_port_lock, flags); > + return; > + } > + > + spin_lock(&port->port_lock); > + spin_unlock(&serial_port_lock); > port->suspended = true; > spin_unlock_irqrestore(&port->port_lock, flags); > } This looks fine to me, but I'm not a serial-gadget maintainer. In fact, it looks like we don't have a serial-gadget maintainer. Alan Stern
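
Review bot: In gserial_suspend, the new NULL check on gser->ioport closes the race only if the code that clears gser->ioport in gserial_disconnect does so while holding serial_port_lock, and nothing in this hunk shows that. The commit message says "Added a static spinlock", but the diffstat's 11 insertions are all accounted for inside gserial_suspend, so no declaration of serial_port_lock is part of this patch. Please state in the commit message whether the lock already exists and is taken on the disconnect side, or include the missing declaration and the writer-side locking. A smaller point in the same function: the interrupt state saved by spin_lock_irqsave(&serial_port_lock, flags) is restored by spin_unlock_irqrestore(&port->port_lock, flags) after the hand-over to port->port_lock. A one-line comment at the spin_lock(&port->port_lock) / spin_unlock(&serial_port_lock) pair would make that hand-over, and the required lock ordering (serial_port_lock before port_lock), explicit for later readers.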