linux

iv/linux

Go to file

Michał Mirosław 38a41a0c02 usb: chipidea: Fix DMA overwrite for Tegra

[ Upstream commit 7ab8716713c931ac79988f2592e1cf8b2e4fec1b ]

Tegra USB controllers seem to issue DMA in full 32-bit words only and thus
may overwrite unevenly-sized buffers.  One such occurrence is detected by
SLUB when receiving a reply to a 1-byte buffer (below).  Fix this by
allocating a bounce buffer also for buffers with sizes not a multiple of 4.

=============================================================================
BUG kmalloc-64 (Tainted: G    B             ): kmalloc Redzone overwritten
-----------------------------------------------------------------------------

0x8555cd02-0x8555cd03 @offset=3330. First byte 0x0 instead of 0xcc
Allocated in usb_get_status+0x2b/0xac age=1 cpu=3 pid=41
 __kmem_cache_alloc_node+0x12f/0x1e4
 __kmalloc+0x33/0x8c
 usb_get_status+0x2b/0xac
 hub_probe+0x5e9/0xcec
 usb_probe_interface+0xbf/0x21c
 really_probe+0xa5/0x2c4
 __driver_probe_device+0x75/0x174
 driver_probe_device+0x31/0x94
 __device_attach_driver+0x65/0xc0
 bus_for_each_drv+0x4b/0x74
 __device_attach+0x69/0x120
 bus_probe_device+0x65/0x6c
 device_add+0x48b/0x5f8
 usb_set_configuration+0x37b/0x6b4
 usb_generic_driver_probe+0x37/0x68
 usb_probe_device+0x35/0xb4
Slab 0xbf622b80 objects=21 used=18 fp=0x8555cdc0 flags=0x800(slab|zone=0)
Object 0x8555cd00 @offset=3328 fp=0x00000000

Redzone  8555ccc0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
Redzone  8555ccd0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
Redzone  8555cce0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
Redzone  8555ccf0: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
Object   8555cd00: 01 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc  ................
Object   8555cd10: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
Object   8555cd20: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
Object   8555cd30: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc  ................
Redzone  8555cd40: cc cc cc cc                                      ....
Padding  8555cd74: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a              ZZZZZZZZZZZZ
CPU: 3 PID: 41 Comm: kworker/3:1 Tainted: G    B              6.6.0-rc1mq-00118-g59786f827ea1 #1115
Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
Workqueue: usb_hub_wq hub_event
[<8010ca28>] (unwind_backtrace) from [<801090a5>] (show_stack+0x11/0x14)
[<801090a5>] (show_stack) from [<805da2fb>] (dump_stack_lvl+0x4d/0x7c)
[<805da2fb>] (dump_stack_lvl) from [<8026464f>] (check_bytes_and_report+0xb3/0xe4)
[<8026464f>] (check_bytes_and_report) from [<802648e1>] (check_object+0x261/0x290)
[<802648e1>] (check_object) from [<802671b1>] (free_to_partial_list+0x105/0x3f8)
[<802671b1>] (free_to_partial_list) from [<80268613>] (__kmem_cache_free+0x103/0x128)
[<80268613>] (__kmem_cache_free) from [<80425a67>] (usb_get_status+0x73/0xac)
[<80425a67>] (usb_get_status) from [<80421b31>] (hub_probe+0x5e9/0xcec)
[<80421b31>] (hub_probe) from [<80428bbb>] (usb_probe_interface+0xbf/0x21c)
[<80428bbb>] (usb_probe_interface) from [<803ee13d>] (really_probe+0xa5/0x2c4)
[<803ee13d>] (really_probe) from [<803ee3d1>] (__driver_probe_device+0x75/0x174)
[<803ee3d1>] (__driver_probe_device) from [<803ee501>] (driver_probe_device+0x31/0x94)
usb 1-1: device descriptor read/8, error -71

Fixes: fc53d5279094 ("usb: chipidea: tegra: Support host mode")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Link: https://lore.kernel.org/r/ef8466b834c1726f5404c95c3e192e90460146f8.1695934946.git.mirq-linux@rere.qmqm.pl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

2023-11-20 11:59:26 +01:00

arch

sh: bios: Revive earlyprintk support

2023-11-20 11:59:22 +01:00

block

blk-throttle: check for overflow in calculate_bytes_allowed

2023-10-20 18:38:17 -06:00

certs

certs: Reference revocation list for all keyrings

2023-08-17 20:12:41 +00:00

crypto

certs: Break circular dependency when selftest is modular

2023-11-20 11:59:23 +01:00

Documentation

dt-bindings: mfd: mt6397: Split out compatible for MediaTek MT6366 PMIC

2023-11-20 11:59:24 +01:00

drivers

usb: chipidea: Fix DMA overwrite for Tegra

2023-11-20 11:59:26 +01:00

f2fs: fix to drop meta_inode's page cache in f2fs_put_super()

2023-11-20 11:59:25 +01:00

include

mfd: core: Un-constify mfd_cell.of_reg

2023-11-20 11:59:23 +01:00

init

workqueue: Changes for v6.6

2023-09-01 16:06:32 -07:00

io_uring

io_uring/kbuf: Allow the full buffer id space for provided buffers

2023-11-20 11:59:11 +01:00

ipc

Add x86 shadow stack support

2023-08-31 12:20:12 -07:00

kernel

livepatch: Fix missing newline character in klp_resolve_symbols()

2023-11-20 11:59:25 +01:00

lib

kunit: test: Fix the possible memory leak in executor_test

2023-11-20 11:59:15 +01:00

LICENSES

LICENSES: Add the copyleft-next-0.3.1 license

2022-11-08 15:44:01 +01:00

vfs: fix readahead(2) on block devices

2023-11-20 11:58:52 +01:00

net

ipv6: avoid atomic fragment on GSO packets

2023-11-20 11:59:03 +01:00

rust

rust: docs: fix logo replacement

2023-10-19 16:40:00 +02:00

samples

VFIO updates for v6.6-rc1

2023-08-30 20:36:01 -07:00

scripts

scripts/gdb: fix usage of MOD_TEXT not defined when CONFIG_MODULES=n

2023-11-20 11:59:24 +01:00

security

apparmor: fix invalid reference on profile->disconnected

2023-11-20 11:59:24 +01:00

sound

ASoC: ams-delta.c: use component after check

2023-11-20 11:59:23 +01:00

tools

perf record: Fix BTF type checks in the off-cpu profiling

2023-11-20 11:59:25 +01:00

usr

initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP

2023-06-06 17:54:49 +09:00

virt

ARM:

2023-09-07 13:52:20 -07:00

.clang-format

iommu: Add for_each_group_device()

2023-05-23 08:15:51 +02:00

.cocciconfig

…

.get_maintainer.ignore

get_maintainer: add Alan to .get_maintainer.ignore

2022-08-20 15:17:44 -07:00

.gitattributes

.gitattributes: set diff driver for Rust source code files

2023-05-31 17:48:25 +02:00

.gitignore

kbuild: rpm-pkg: rename binkernel.spec to kernel.spec

2023-07-25 00:59:33 +09:00

.mailmap

20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues

2023-10-24 09:52:16 -10:00

.rustfmt.toml

rust: add .rustfmt.toml

2022-09-28 09:02:20 +02:00

COPYING

COPYING: state that all contributions really are covered by this file

2020-02-10 13:32:20 -08:00

CREDITS

USB: Remove Wireless USB and UWB documentation

2023-08-09 14:17:32 +02:00

Kbuild

Kbuild updates for v6.1

2022-10-10 12:00:45 -07:00

Kconfig

kbuild: ensure full rebuild when the compiler is updated

2020-05-12 13:28:33 +09:00

MAINTAINERS

Char/Misc driver fixes for 6.6-final

2023-10-28 07:51:27 -10:00

Makefile

Linux 6.6.1

2023-11-08 11:56:25 +01:00

README

Drop all 00-INDEX files from Documentation/

2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.

Languages

C 97.6%

Assembly 1%

Shell 0.5%

Python 0.3%

Makefile 0.3%