Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
kernel-fxtec-pro1x/drivers/usb/musb
History
Mans Rullgard 83f75226a7 usb: musb: fix crash with highmen PIO and usbmon 
commit 52974d94a206ce428d9d9b6eaa208238024be82a upstream.

When handling a PIO bulk transfer with highmem buffer, a temporary
mapping is assigned to urb->transfer_buffer.  After the transfer is
complete, an invalid address is left behind in this pointer.  This is
not ordinarily a problem since nothing touches that buffer before the
urb is released.  However, when usbmon is active, usbmon_urb_complete()
calls (indirectly) mon_bin_get_data() which does access the transfer
buffer if it is set.  To prevent an invalid memory access here, reset
urb->transfer_buffer to NULL when finished (musb_host_rx()), or do not
set it at all (musb_host_tx()).

Fixes: 8e8a551654 ("usb: musb: host: Handle highmem in PIO mode")
Signed-off-by: Mans Rullgard <mans@mansr.com>
Cc: stable@vger.kernel.org
Signed-off-by: Bin Liu <b-liu@ti.com>
Link: https://lore.kernel.org/r/20200316211136.2274-8-b-liu@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-02 15:28:20 +02:00
..
am35x.c
cppi_dma.c
cppi_dma.h
da8xx.c
davinci.c
davinci.h
jz4740.c
Kconfig
Makefile
musb_am335x.c
musb_core.c
musb_core.h
musb_cppi41.c
musb_debug.h
musb_debugfs.c
musb_dma.h
musb_dsps.c
musb_gadget.c
musb_gadget.h
musb_gadget_ep0.c
musb_host.c usb: musb: fix crash with highmen PIO and usbmon 2020-04-02 15:28:20 +02:00
musb_host.h
musb_io.h
musb_regs.h
musb_trace.c
musb_trace.h
musb_virthub.c
musbhsdma.c usb: musb: dma: Correct parameter passed to IRQ handler 2020-01-14 20:07:04 +01:00
omap2430.c usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue 2020-02-24 08:34:48 +01:00
omap2430.h
sunxi.c
tusb6010.c
tusb6010.h
tusb6010_omap.c
ux500.c
ux500_dma.c