From 4b3f9bc28d73594ca12125204ce31c39ab2b6e41 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Tue, 6 Dec 2016 19:19:53 +0100 Subject: [PATCH] kernel: fix potential crash in usbport LED trigger driver MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This backports upstream accepted fix. Signed-off-by: Rafał Miłecki --- ...re-Introduce-a-USB-port-LED-trigger.patch} | 0 ...-Use-proper-LED-API-to-fix-potential.patch | 70 +++++++++++++++++++ 2 files changed, 70 insertions(+) rename target/linux/generic/patches-4.4/{084-usb-core-Introduce-a-USB-port-LED-trigger.patch => 084-0001-usb-core-Introduce-a-USB-port-LED-trigger.patch} (100%) create mode 100644 target/linux/generic/patches-4.4/084-0002-usb-core-usbport-Use-proper-LED-API-to-fix-potential.patch diff --git a/target/linux/generic/patches-4.4/084-usb-core-Introduce-a-USB-port-LED-trigger.patch b/target/linux/generic/patches-4.4/084-0001-usb-core-Introduce-a-USB-port-LED-trigger.patch similarity index 100% rename from target/linux/generic/patches-4.4/084-usb-core-Introduce-a-USB-port-LED-trigger.patch rename to target/linux/generic/patches-4.4/084-0001-usb-core-Introduce-a-USB-port-LED-trigger.patch diff --git a/target/linux/generic/patches-4.4/084-0002-usb-core-usbport-Use-proper-LED-API-to-fix-potential.patch b/target/linux/generic/patches-4.4/084-0002-usb-core-usbport-Use-proper-LED-API-to-fix-potential.patch new file mode 100644 index 0000000000..ec41a2dc21 --- /dev/null +++ b/target/linux/generic/patches-4.4/084-0002-usb-core-usbport-Use-proper-LED-API-to-fix-potential.patch @@ -0,0 +1,70 @@ +From 89778ba335e302a450932ce5b703c1ee6216e949 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Tue, 6 Dec 2016 00:39:33 +0100 +Subject: [PATCH] usb: core: usbport: Use proper LED API to fix potential crash +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Calling brightness_set manually isn't safe as some LED drivers don't +implement this callback. The best idea is to just use a proper helper +which will fallback to the brightness_set_blocking callback if needed. + +This fixes: +[ 1461.761528] Unable to handle kernel NULL pointer dereference at virtual address 00000000 +(...) +[ 1462.117049] Backtrace: +[ 1462.119521] [] (usbport_trig_port_store [ledtrig_usbport]) from [] (dev_attr_store+0x20/0x2c) +[ 1462.129826] r7:dcabc7c0 r6:dee0ff80 r5:00000002 r4:bf228164 +[ 1462.135511] [] (dev_attr_store) from [] (sysfs_kf_write+0x48/0x4c) +[ 1462.143459] r5:00000002 r4:c023f738 +[ 1462.147049] [] (sysfs_kf_write) from [] (kernfs_fop_write+0xf8/0x1f8) +[ 1462.155258] r5:00000002 r4:df4a1000 +[ 1462.158850] [] (kernfs_fop_write) from [] (__vfs_write+0x34/0x120) +[ 1462.166800] r10:00000000 r9:dee0e000 r8:c000fc24 r7:00000002 r6:dee0ff80 r5:c01689c0 +[ 1462.174660] r4:df727a80 +[ 1462.177204] [] (__vfs_write) from [] (vfs_write+0xac/0x170) +[ 1462.184543] r9:dee0e000 r8:c000fc24 r7:dee0ff80 r6:b6f092d0 r5:df727a80 r4:00000002 +[ 1462.192319] [] (vfs_write) from [] (SyS_write+0x4c/0xa8) +[ 1462.199396] r9:dee0e000 r8:c000fc24 r7:00000002 r6:b6f092d0 r5:df727a80 r4:df727a80 +[ 1462.207174] [] (SyS_write) from [] (ret_fast_syscall+0x0/0x3c) +[ 1462.214774] r7:00000004 r6:ffffffff r5:00000000 r4:00000000 +[ 1462.220456] Code: bad PC value +[ 1462.223560] ---[ end trace 676638a3a12c7a56 ]--- + +Reported-by: Ralph Sennhauser +Signed-off-by: Rafał Miłecki +Fixes: 0f247626cbb ("usb: core: Introduce a USB port LED trigger") +Cc: stable@vger.kernel.org # 4.9+ +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/core/ledtrig-usbport.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/drivers/usb/core/ledtrig-usbport.c ++++ b/drivers/usb/core/ledtrig-usbport.c +@@ -74,8 +74,7 @@ static void usbport_trig_update_count(st + + usbport_data->count = 0; + usb_for_each_dev(usbport_data, usbport_trig_usb_dev_check); +- led_cdev->brightness_set(led_cdev, +- usbport_data->count ? LED_FULL : LED_OFF); ++ led_set_brightness(led_cdev, usbport_data->count ? LED_FULL : LED_OFF); + } + + /*************************************** +@@ -228,12 +227,12 @@ static int usbport_trig_notify(struct no + case USB_DEVICE_ADD: + usbport_trig_add_usb_dev_ports(usb_dev, usbport_data); + if (observed && usbport_data->count++ == 0) +- led_cdev->brightness_set(led_cdev, LED_FULL); ++ led_set_brightness(led_cdev, LED_FULL); + return NOTIFY_OK; + case USB_DEVICE_REMOVE: + usbport_trig_remove_usb_dev_ports(usbport_data, usb_dev); + if (observed && --usbport_data->count == 0) +- led_cdev->brightness_set(led_cdev, LED_OFF); ++ led_set_brightness(led_cdev, LED_OFF); + return NOTIFY_OK; + } + -- 2.25.1