This is a note to let you know that I've just added the patch titled
usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
usb-gadget-udc-amd5536udc_pci-fix-null-ptr-dereference.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 72035f4954f0bca2d8c47cf31b3629c42116f5b7 Mon Sep 17 00:00:00 2001
From: Tong Zhang <ztong0001@xxxxxxxxx>
Date: Wed, 17 Mar 2021 19:04:00 -0400
Subject: usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
From: Tong Zhang <ztong0001@xxxxxxxxx>
commit 72035f4954f0bca2d8c47cf31b3629c42116f5b7 upstream.
init_dma_pools() calls dma_pool_create(...dev->dev) to create dma pool.
however, dev->dev is actually set after calling init_dma_pools(), which
effectively makes dma_pool_create(..NULL) and cause crash.
To fix this issue, init dma only after dev->dev is set.
[ 1.317993] RIP: 0010:dma_pool_create+0x83/0x290
[ 1.323257] Call Trace:
[ 1.323390] ? pci_write_config_word+0x27/0x30
[ 1.323626] init_dma_pools+0x41/0x1a0 [snps_udc_core]
[ 1.323899] udc_pci_probe+0x202/0x2b1 [amd5536udc_pci]
Fixes: 7c51247a1f62 (usb: gadget: udc: Provide correct arguments for 'dma_pool_create')
Cc: stable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Tong Zhang <ztong0001@xxxxxxxxx>
Link: https://lore.kernel.org/r/20210317230400.357756-1-ztong0001@xxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/usb/gadget/udc/amd5536udc_pci.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/usb/gadget/udc/amd5536udc_pci.c
+++ b/drivers/usb/gadget/udc/amd5536udc_pci.c
@@ -158,6 +158,11 @@ static int udc_pci_probe(
pci_set_master(pdev);
pci_try_set_mwi(pdev);
+ dev->phys_addr = resource;
+ dev->irq = pdev->irq;
+ dev->pdev = pdev;
+ dev->dev = &pdev->dev;
+
/* init dma pools */
if (use_dma) {
retval = init_dma_pools(dev);
@@ -165,11 +170,6 @@ static int udc_pci_probe(
goto err_dma;
}
- dev->phys_addr = resource;
- dev->irq = pdev->irq;
- dev->pdev = pdev;
- dev->dev = &pdev->dev;
-
/* general probing */
if (udc_probe(dev)) {
retval = -ENODEV;
Patches currently in stable-queue which might be from ztong0001@xxxxxxxxx are
queue-4.14/usb-gadget-udc-amd5536udc_pci-fix-null-ptr-dereference.patch
queue-4.14/staging-comedi-cb_pcidas-fix-request_irq-warn.patch
queue-4.14/staging-comedi-cb_pcidas64-fix-request_irq-warn.patch
queue-4.14/net-wan-lmc-unregister-device-when-no-matching-devic.patch
