Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp602175rwd;
        Thu, 8 Jun 2023 05:29:11 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ5+5R0BP10drob6Ni3jhuCUEIfmAjw8F/8GSKILlrWiJtj51xM0xtseyIuySLtQSEdzRcvm
X-Received: by 2002:a05:6359:2a0:b0:129:cc43:2ebd with SMTP id ek32-20020a05635902a000b00129cc432ebdmr7399075rwb.23.1686227351549;
        Thu, 08 Jun 2023 05:29:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686227351; cv=none;
        d=google.com; s=arc-20160816;
        b=JdrSMWfVIJ+ZyQ8JMAKuWbpB9xvnlD1OO08/55qvWkMOHmnKKoAjX7zKnGPHtqmihb
         uDLprE6sBAmYktsmYgEBFkb2ZuNCJL9uSp0u1ZkvDCKucHqbldCnmpa/Hr0IB6KyG5jc
         u98sqqJQ6OlPSb/tIbezRp3RXwpLeVbMMkBIRjmVodnGoByLbBJ3221g+up9Wjwm7LEu
         8qrdgc45yaEp9v0kgcVU9zoqKTeyeMBb6Rr0PzMQHcZrCs6/XRQyjg7zZOl3uF5MykOk
         YZPpZ4KphPaHPp1fMEWiNife15fO3XEQ502Rj9hT9zOiEBY/7Crea08cYb+jphj/L984
         oCGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=6aGxu49JxLCfo7s1p0mFO2fonqJX9roT4w8kRBg39TM=;
        b=lvEIE6d+WRq1us1iJG6hAZG3T1MLPzgce+KTya655Ie3O/2Md5TXc6DfFqslGd+0dE
         jjTSRxJL55BRPsBtuO3BBseFbd/6hgEs8WnaoZKAeeW8RziQA3WcR4IBdPdl+fx7FjRB
         wjGj8KGj8Du+hlxdGHdfrZgkZ3SsdAC03TaNOBKKeYdm7omsbX9IJ7HJu0bSD1AGQ6bz
         KusKgyqHhLaqC/yO/D5N8grjC87mTnKBFHNhSLnCfVohwYevETDKSHfWFSyA20wLlkJO
         MO0jb6P9GLA82bW4Jf6HZbEcjSBRH4rPqx1AllVCtLcC3HGODZVSsJnXsZIGQZgjuufo
         +Ueg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=boJKNZpf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q85-20020a632a58000000b0054033bf35f4si889642pgq.773.2023.06.08.05.28.59;
        Thu, 08 Jun 2023 05:29:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=boJKNZpf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235440AbjFHLsn (ORCPT <rfc822;abrown110010@gmail.com>
        + 99 others); Thu, 8 Jun 2023 07:48:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35102 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235755AbjFHLsg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Jun 2023 07:48:36 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29C2526B9;
        Thu,  8 Jun 2023 04:48:25 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id B3F8C61460;
        Thu,  8 Jun 2023 11:48:24 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 52451C433D2;
        Thu,  8 Jun 2023 11:48:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1686224904;
        bh=ugZB4JpowTSw5maVY2a7prvIYR/oQ04BV7q0yRRRuls=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=boJKNZpfHyX0Pb4WgHrFV1UsYZ6msrh4OLUMaQP9nJ98IrGgPfTGVm5H03J/JBb2p
         SLhwn+nYzroyktEFi4LMh/Kh0J0bZHlvcV9geFOwv2Vnshdo7kQG7Bgtl4Ed/YDkM+
         ysaDAIOBVk/BCwFTjteUAa7tAaW8OSDMLEU4DHQEcypW1FBPCZbyWDopxad4nXN448
         boenL5l8QYJQY4ZkI75hv6Furka5OLj3sWCnbM1BU/ri6NtT7KQmUw+Xh766Cjd31w
         ItfIAJs0xGH8RHGowJv/c+7USPmJxxTEbvPVspsls02rycaVazddqCIXzWS1bhasfD
         f0AFOVYMU8ESA==
Date:   Thu, 8 Jun 2023 17:18:19 +0530
From:   Vinod Koul <vkoul@kernel.org>
To:     Jon Hunter <jonathanh@nvidia.com>
Cc:     Haotien Hsu <haotienh@nvidia.com>, JC Kuo <jckuo@nvidia.com>,
        Kishon Vijay Abraham I <kishon@kernel.org>,
        Thierry Reding <thierry.reding@gmail.com>,
        Philipp Zabel <p.zabel@pengutronix.de>,
        linux-phy@lists.infradead.org, linux-tegra@vger.kernel.org,
        linux-kernel@vger.kernel.org, Wayne Chang <waynec@nvidia.com>,
        EJ Hsu <ejh@nvidia.com>
Subject: Re: [PATCH v2] phy: tegra: xusb: Fix use-after-free issue
Message-ID: <ZIHAA6QwRkQ+lS45@matsya>
References: <20230508100320.345673-1-haotienh@nvidia.com>
 <e7ae22f4-52c1-62a1-e5c2-71732bcb04b2@nvidia.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <e7ae22f4-52c1-62a1-e5c2-71732bcb04b2@nvidia.com>
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06-06-23, 10:39, Jon Hunter wrote:
> Hi Vinod,
> 
> On 08/05/2023 11:03, Haotien Hsu wrote:
> > From: EJ Hsu <ejh@nvidia.com>
> > 
> > For the dual-role port, it will assign the phy dev to usb-phy dev and
> > use the port dev driver as the dev driver of usb-phy.
> > 
> > When we try to destroy the port dev, it will destroy its dev driver
> > as well. But we did not remove the reference from usb-phy dev. This
> > might cause the use-after-free issue in KASAN.
> > 
> > Fixes: e8f7d2f409a1 ("phy: tegra: xusb: Add usb-phy support")
> > Cc: stable@vger.kernel.org
> > 
> > Signed-off-by: EJ Hsu <ejh@nvidia.com>
> > Signed-off-by: Haotien Hsu <haotienh@nvidia.com>
> > ---
> > V1 -> V2: Remove extra movements to clarify the change
> > ---
> >   drivers/phy/tegra/xusb.c | 1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c
> > index 78045bd6c214..26b66a668f3b 100644
> > --- a/drivers/phy/tegra/xusb.c
> > +++ b/drivers/phy/tegra/xusb.c
> > @@ -568,6 +568,7 @@ static void tegra_xusb_port_unregister(struct tegra_xusb_port *port)
> >   		usb_role_switch_unregister(port->usb_role_sw);
> >   		cancel_work_sync(&port->usb_phy_work);
> >   		usb_remove_phy(&port->usb_phy);
> > +		port->usb_phy.dev->driver = NULL;
> >   	}
> >   	if (port->ops->remove)
> 
> 
> Are you OK to pick this up now?

Changes looks good to me. But title should describe the change, so if
Haotien can change title to reflect the change in patch, I would be
happy to apply

> 
> FWIW ...
> 
> Acked-by: Jon Hunter <jonathanh@nvidia.com>

ofc this should be carried too

> 
> I believe Thierry already ACK'ed V1.
> 
> Jon
> 
> -- 
> nvpublic

-- 
~Vinod