Date: Sat, 27 Jan 2024 17:29:43 -0800
From: Greg KH
To: Jiri Slaby
Cc: Kuen-Han Tsai, quic_prashk@quicinc.com, stern@rowland.harvard.edu, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] usb: gadget: u_serial: Add null pointer checks after RX/TX submission
Message-ID: <2024012724-chirpy-google-51bb@gregkh>
References: <20240116141801.396398-1-khtsai@google.com> <02bec7b8-7754-4b9d-84ae-51621d6aa7ec@kernel.org>
In-Reply-To: <02bec7b8-7754-4b9d-84ae-51621d6aa7ec@kernel.org>

On Thu, Jan 18, 2024 at 10:27:54AM +0100, Jiri Slaby wrote:
> On 16. 01. 24, 15:16, Kuen-Han Tsai wrote:
> > Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in
> > gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't
> > fully fix the potential null pointer dereference issue. While
> > gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx()
> > and gs_start_tx() release the lock during endpoint request submission.
> > This creates a window where gs_close() could set port->port_tty to NULL,
> > leading to a dereference when the lock is reacquired.
> >
> > This patch adds a null pointer check for port->port_tty after RX/TX
> > submission, and removes the initial null pointer check in gs_start_io()
> > since the caller must hold port_lock and guarantee non-null values for
> > port_usb and port_tty.
>
> Or you switch to tty_port refcounting and need not fiddling with this at all
> ;).

I agree, Kuen-Han, why not do that instead?

thanks,

greg k-h
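
The window described in the quoted commit message, as a single-threaded user-space model added here (not code from the patch or from u_serial; every name in it is hypothetical). The modelled submission step drops the lock and can run the close path, so the re-check approach and the reference-pinning approach raised in the thread can be compared deterministically.

```c
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not u_serial code. */
struct tty { int refs; };
struct port {
    int locked;            /* stands in for port_lock */
    struct tty *port_tty;  /* cleared by the close path */
};

static struct tty *tty_get(struct tty *t) { if (t) t->refs++; return t; }
static void tty_put(struct tty *t) { if (t && --t->refs == 0) free(t); }

/* Open path: the port takes its own reference and is returned locked. */
int port_open(struct port *p) {
    p->port_tty = calloc(1, sizeof(struct tty));
    if (!p->port_tty) return -1;
    p->port_tty->refs = 1;
    p->locked = 1;
    return 0;
}

/* Close path: clears port_tty and drops the port's reference. */
void port_close(struct port *p) {
    struct tty *t = p->port_tty;
    p->port_tty = NULL;
    tty_put(t);
}

/* Request submission: the lock is dropped, so a close may slip in. */
static void submit_unlocked(struct port *p, int close_races) {
    p->locked = 0;
    if (close_races) port_close(p);
    p->locked = 1;
}

/* Re-check approach: test port_tty again once the lock is held. */
int start_rx_recheck(struct port *p, int close_races) {
    submit_unlocked(p, close_races);
    return p->port_tty ? 0 : -1;   /* -1: closed, caller must stop */
}

/* Refcount approach: pin the tty first; it cannot vanish under us. */
int start_rx_pinned(struct port *p, int close_races) {
    struct tty *t = tty_get(p->port_tty);
    if (!t) return -1;
    submit_unlocked(p, close_races);
    int refs_seen = t->refs;       /* safe read: our reference is live */
    tty_put(t);
    return refs_seen;              /* 1 if close raced, 2 otherwise */
}
```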