diff options
| author | Johan Hovold <[email protected]> | 2023-06-07 12:05:39 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <[email protected]> | 2023-06-13 11:52:32 +0200 |
| commit | d2d69354226de0b333d4405981f3d9c41ba8430a (patch) | |
| tree | 705f9ddbf903010f2d68a37ba2bc88eb56a644e4 /lib/mpi/mpi-bit.c | |
| parent | 00f8205ffcf112dcef14f8151d78075d38d22c08 (diff) | |
USB: dwc3: qcom: fix NULL-deref on suspend
The Qualcomm dwc3 glue driver is currently accessing the driver data of
the child core device during suspend and on wakeup interrupts. This is
clearly a bad idea as the child may not have probed yet or could have
been unbound from its driver.
The first such layering violation was part of the initial version of the
driver, but this was later made worse when the hack that accesses the
driver data of the grand child xhci device to configure the wakeup
interrupts was added.
Fixing this properly is not that easily done, so add a sanity check to
make sure that the child driver data is non-NULL before dereferencing it
for now.
Note that this relies on subtleties like the fact that driver core is
making sure that the parent is not suspended while the child is probing.
Reported-by: Manivannan Sadhasivam <[email protected]>
Link: https://lore.kernel.org/all/[email protected]/
Fixes: d9152161b4bf ("usb: dwc3: Add Qualcomm DWC3 glue layer driver")
Fixes: 6895ea55c385 ("usb: dwc3: qcom: Configure wakeup interrupts during suspend")
Cc: [email protected] # 3.18: a872ab303d5d: "usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup"
Cc: Sandeep Maheswaram <[email protected]>
Cc: Krishna Kurapati <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Acked-by: Thinh Nguyen <[email protected]>
Reviewed-by: Manivannan Sadhasivam <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Diffstat (limited to 'lib/mpi/mpi-bit.c')
0 files changed, 0 insertions, 0 deletions