Received: by 2002:a05:7412:9c07:b0:fa:6e18:a558 with SMTP id lr7csp508108rdb;
        Sat, 27 Jan 2024 17:30:47 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHTn1olIoUEgn1pYJU9kZwOedjlu/v4czI67aaq4NM/7x5KMmrRLbeofvXeZfSZBCO+q1TA
X-Received: by 2002:a05:620a:5593:b0:783:de8e:4445 with SMTP id vq19-20020a05620a559300b00783de8e4445mr2765944qkn.99.1706405447395;
        Sat, 27 Jan 2024 17:30:47 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1706405447; cv=pass;
        d=google.com; s=arc-20160816;
        b=GDdOqRmpOumAdukQjbeJeFT17dE9AAIen0n0KhkC4zFaYsHTZRLQrMIKaqu7lnN5kq
         hQ2Q+7jdXUVqAEV5UDqWDRXB24QAesIoQnNCbYcmVqqwOCgaaaoR4xjmODJtwkYdrV0A
         r1nQXeje8jrhXOsVkNaVZ5xJXsKTq+1JFy1kKkPFZ8/VCZIuYIoYGyPggFNCmKzy8Hq/
         hQ5Xj9T3lJiPLt8rSQbTh+hBchqleA55DCVOBF5NnrjtN+pCMwPCm6r9F8seffOD1dBg
         oi9LnG+Y+l1cnDusnAOSwlcxlALT+sm3pi6tAbiYqaD/oMvoJT6mWnppYl+F1/MuhRf9
         XafA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=sIkosdT/ONeqJHURGAsPHRC5zqp6QySYp97IY3ZHLIE=;
        fh=OFKJ3cbfAF4JdBQqJO8QuWxMKG/X17rba1AgDre10dQ=;
        b=ssgVybI3FFaCRMwcAQZ5/sDKcOSg/OTLjsVjEhMDr0iOSllfRNjWqJPUxIxRVzdkYM
         7oimVpUC4IUGbRLfOERG8A6nLWoBeliqqjexDjy8yDXzySz7BmIjmhKhxMRJU+7Lvbl8
         /1SWzi6JE7QXdI6ZFmeZ0ev9yXcxSb0LLzTQg/O3S4R3Rs4Hiwjjpq1kBSrxi2Lot2I9
         1wJ9UC3db3exwpUccSDL2m4kCwacCU7CoeFfVufX7YCyjciaoiucUY/izRt/+6wvTMDN
         3kv3yoCQqlHAg9cUr2mAgbjY4arb4XBNl5MEGfBgt5waKuVC3AN5NychB3x6t4abkWMF
         BYqQ==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WWQu0ndt;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-41492-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-41492-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel+bounces-41492-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id h13-20020a17090acf0d00b0029058af1c92si5581834pju.166.2024.01.27.17.30.46
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 27 Jan 2024 17:30:47 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-41492-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=WWQu0ndt;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-41492-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-41492-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 0CEF8B21FA8
	for <linux.lists.archive@gmail.com>; Sun, 28 Jan 2024 01:29:59 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 00AB2186F;
	Sun, 28 Jan 2024 01:29:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="WWQu0ndt"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 112211113;
	Sun, 28 Jan 2024 01:29:45 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1706405386; cv=none; b=hq3i15swHjp+q+4eWZyHpxu57Vi0tcu32tc620aTW4AIIfNTEXQw2shW0FLD8u7XyM2eEUZxKSmEjrQyvI/8kdhboyGL5YVDkTCSY80sG/WJtgMyHHwRS/TW/qxGJFu8twQVeOlSVR52qFRBPwuEzLsgP1i3MhnFYFLHLDy6qxE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1706405386; c=relaxed/simple;
	bh=iPTcSpldKderHfTJOkFotGkZbDgZ0cvvdpUsSLEh7zo=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=MFIKq/0bPvvShUPORPW3GtK1xMrIK5rM1qAnYVx5hlb/qApSFZ+RhAw4mGuf+OvQF5AdqBf6cZxfNY7p+r3OxazhhfLc16IRcK9pbu56mRURYryf7IlXSz7gAGzn4W7NYhgCij8sVcUllz/k2A1JCkMoc5rEvW5Ec9GnpWp+BU8=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=WWQu0ndt; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C809C433C7;
	Sun, 28 Jan 2024 01:29:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1706405385;
	bh=iPTcSpldKderHfTJOkFotGkZbDgZ0cvvdpUsSLEh7zo=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=WWQu0ndtlfL0E4lf7y8G3LZpKWF/0SDnXDILj175K62E4y/nqw6+1jL1MR64AmCXx
	 jMi3LRMdQ4nsgMVEHmFUz2ZL3r9bNPJTXnrgDS9v+xoXW6ZFm8/0W2J5kiQXOd/OQt
	 4AlBMD8/RN8AS2oE3vkBA3taVfjsWhrK/+hiBy4w=
Date: Sat, 27 Jan 2024 17:29:43 -0800
From: Greg KH <gregkh@linuxfoundation.org>
To: Jiri Slaby <jirislaby@kernel.org>
Cc: Kuen-Han Tsai <khtsai@google.com>, quic_prashk@quicinc.com,
	stern@rowland.harvard.edu, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] usb: gadget: u_serial: Add null pointer checks after
 RX/TX submission
Message-ID: <2024012724-chirpy-google-51bb@gregkh>
References: <20240116141801.396398-1-khtsai@google.com>
 <02bec7b8-7754-4b9d-84ae-51621d6aa7ec@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <02bec7b8-7754-4b9d-84ae-51621d6aa7ec@kernel.org>

On Thu, Jan 18, 2024 at 10:27:54AM +0100, Jiri Slaby wrote:
> On 16. 01. 24, 15:16, Kuen-Han Tsai wrote:
> > Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in
> > gs_start_io") adds null pointer checks to gs_start_io(), but it doesn't
> > fully fix the potential null pointer dereference issue. While
> > gserial_connect() calls gs_start_io() with port_lock held, gs_start_rx()
> > and gs_start_tx() release the lock during endpoint request submission.
> > This creates a window where gs_close() could set port->port_tty to NULL,
> > leading to a dereference when the lock is reacquired.
> > 
> > This patch adds a null pointer check for port->port_tty after RX/TX
> > submission, and removes the initial null pointer check in gs_start_io()
> > since the caller must hold port_lock and guarantee non-null values for
> > port_usb and port_tty.
> 
> Or you switch to tty_port refcounting and need not fiddling with this at all
> ;).

I agree, Kuen-Han, why not do that instead?

thanks,

greg k-h