[source] kernel: fix potential crash in usbport LED trigger driver

LEDE Commits lede-commits at lists.infradead.org
Tue Dec 6 10:50:44 PST 2016


rmilecki pushed a commit to source.git, branch master:
https://git.lede-project.org/4b3f9bc28d73594ca12125204ce31c39ab2b6e41

commit 4b3f9bc28d73594ca12125204ce31c39ab2b6e41
Author: Rafał Miłecki <rafal at milecki.pl>
AuthorDate: Tue Dec 6 19:19:53 2016 +0100

    kernel: fix potential crash in usbport LED trigger driver
    
    This backports an upstream accepted fix.
    
    Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
 ...sb-core-Introduce-a-USB-port-LED-trigger.patch} |  0
 ...bport-Use-proper-LED-API-to-fix-potential.patch | 70 ++++++++++++++++++++++
 2 files changed, 70 insertions(+)

diff --git a/target/linux/generic/patches-4.4/084-usb-core-Introduce-a-USB-port-LED-trigger.patch b/target/linux/generic/patches-4.4/084-0001-usb-core-Introduce-a-USB-port-LED-trigger.patch
similarity index 100%
rename from target/linux/generic/patches-4.4/084-usb-core-Introduce-a-USB-port-LED-trigger.patch
rename to target/linux/generic/patches-4.4/084-0001-usb-core-Introduce-a-USB-port-LED-trigger.patch
diff --git a/target/linux/generic/patches-4.4/084-0002-usb-core-usbport-Use-proper-LED-API-to-fix-potential.patch b/target/linux/generic/patches-4.4/084-0002-usb-core-usbport-Use-proper-LED-API-to-fix-potential.patch
new file mode 100644
index 0000000..ec41a2d
--- /dev/null
+++ b/target/linux/generic/patches-4.4/084-0002-usb-core-usbport-Use-proper-LED-API-to-fix-potential.patch
@@ -0,0 +1,70 @@
+From 89778ba335e302a450932ce5b703c1ee6216e949 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal at milecki.pl>
+Date: Tue, 6 Dec 2016 00:39:33 +0100
+Subject: [PATCH] usb: core: usbport: Use proper LED API to fix potential crash
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Calling brightness_set manually isn't safe as some LED drivers don't
+implement this callback. The best idea is to just use a proper helper
+which will fallback to the brightness_set_blocking callback if needed.
+
+This fixes:
+[ 1461.761528] Unable to handle kernel NULL pointer dereference at virtual address 00000000
+(...)
+[ 1462.117049] Backtrace:
+[ 1462.119521] [<bf228164>] (usbport_trig_port_store [ledtrig_usbport]) from [<c023f758>] (dev_attr_store+0x20/0x2c)
+[ 1462.129826]  r7:dcabc7c0 r6:dee0ff80 r5:00000002 r4:bf228164
+[ 1462.135511] [<c023f738>] (dev_attr_store) from [<c0169310>] (sysfs_kf_write+0x48/0x4c)
+[ 1462.143459]  r5:00000002 r4:c023f738
+[ 1462.147049] [<c01692c8>] (sysfs_kf_write) from [<c0168ab8>] (kernfs_fop_write+0xf8/0x1f8)
+[ 1462.155258]  r5:00000002 r4:df4a1000
+[ 1462.158850] [<c01689c0>] (kernfs_fop_write) from [<c0100c78>] (__vfs_write+0x34/0x120)
+[ 1462.166800]  r10:00000000 r9:dee0e000 r8:c000fc24 r7:00000002 r6:dee0ff80 r5:c01689c0
+[ 1462.174660]  r4:df727a80
+[ 1462.177204] [<c0100c44>] (__vfs_write) from [<c0101ae4>] (vfs_write+0xac/0x170)
+[ 1462.184543]  r9:dee0e000 r8:c000fc24 r7:dee0ff80 r6:b6f092d0 r5:df727a80 r4:00000002
+[ 1462.192319] [<c0101a38>] (vfs_write) from [<c01028dc>] (SyS_write+0x4c/0xa8)
+[ 1462.199396]  r9:dee0e000 r8:c000fc24 r7:00000002 r6:b6f092d0 r5:df727a80 r4:df727a80
+[ 1462.207174] [<c0102890>] (SyS_write) from [<c000fa60>] (ret_fast_syscall+0x0/0x3c)
+[ 1462.214774]  r7:00000004 r6:ffffffff r5:00000000 r4:00000000
+[ 1462.220456] Code: bad PC value
+[ 1462.223560] ---[ end trace 676638a3a12c7a56 ]---
+
+Reported-by: Ralph Sennhauser <ralph.sennhauser at gmail.com>
+Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
+Fixes: 0f247626cbb ("usb: core: Introduce a USB port LED trigger")
+Cc: stable at vger.kernel.org # 4.9+
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ drivers/usb/core/ledtrig-usbport.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/core/ledtrig-usbport.c
++++ b/drivers/usb/core/ledtrig-usbport.c
+@@ -74,8 +74,7 @@ static void usbport_trig_update_count(st
+ 
+ 	usbport_data->count = 0;
+ 	usb_for_each_dev(usbport_data, usbport_trig_usb_dev_check);
+-	led_cdev->brightness_set(led_cdev,
+-				 usbport_data->count ? LED_FULL : LED_OFF);
++	led_set_brightness(led_cdev, usbport_data->count ? LED_FULL : LED_OFF);
+ }
+ 
+ /***************************************
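Review bot: The backtrace quoted in the message tops out in usbport_trig_port_store, while the call replaced in this hunk sits in usbport_trig_update_count, and the message never says how the two connect. Add one sentence to the commit message stating how the sysfs store path reaches this brightness_set call (presumably through usbport_trig_update_count), so a reader matching the oops against the fix does not have to infer it from function names.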
+@@ -228,12 +227,12 @@ static int usbport_trig_notify(struct no
+ 	case USB_DEVICE_ADD:
+ 		usbport_trig_add_usb_dev_ports(usb_dev, usbport_data);
+ 		if (observed && usbport_data->count++ == 0)
+-			led_cdev->brightness_set(led_cdev, LED_FULL);
++			led_set_brightness(led_cdev, LED_FULL);
+ 		return NOTIFY_OK;
+ 	case USB_DEVICE_REMOVE:
+ 		usbport_trig_remove_usb_dev_ports(usbport_data, usb_dev);
+ 		if (observed && --usbport_data->count == 0)
+-			led_cdev->brightness_set(led_cdev, LED_OFF);
++			led_set_brightness(led_cdev, LED_OFF);
+ 		return NOTIFY_OK;
+ 	}
+ 
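Review bot: The led_set_brightness() calls in the USB_DEVICE_ADD and USB_DEVICE_REMOVE cases rely on the helper behaving as the upstream message describes, but that message is tagged "# 4.9+" for stable while this file is added under patches-4.4. The LEDE commit message says only that this is a backport; it should note that led_set_brightness() in the 4.4 tree was checked to cope with LED drivers that lack a brightness_set callback, or say what differs from the 4.9 behaviour.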


