This is a note to let you know that I've just added the patch titled
thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
to the 6.7-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
thunderbolt-fix-null-pointer-dereference-in-tb_port_update_credits.patch
and it can be found in the queue-6.7 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa Mon Sep 17 00:00:00 2001
From: Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>
Date: Mon, 12 Feb 2024 13:03:34 +0200
Subject: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
From: Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>
commit d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa upstream.
Olliver reported that his system crashes when plugging in Thunderbolt 1
device:
BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt]
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? exc_page_fault+0x7f/0x180
? asm_exc_page_fault+0x26/0x30
? tb_port_do_update_credits+0x1b/0x130
? tb_switch_update_link_attributes+0x83/0xd0
tb_switch_add+0x7a2/0xfe0
tb_scan_port+0x236/0x6f0
tb_handle_hotplug+0x6db/0x900
process_one_work+0x171/0x340
worker_thread+0x27b/0x3a0
? __pfx_worker_thread+0x10/0x10
kthread+0xe5/0x120
? __pfx_kthread+0x10/0x10
ret_from_fork+0x31/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
</TASK>
This is due the fact that some Thunderbolt 1 devices only have one lane
adapter. Fix this by checking for the lane 1 before we read its credits.
Reported-by: Olliver Schinagl <oliver@xxxxxxxxxxx>
Closes: https://lore.kernel.org/linux-usb/c24c7882-6254-4e68-8f22-f3e8f65dc84f@xxxxxxxxxxx/
Fixes: 81af2952e606 ("thunderbolt: Add support for asymmetric link")
Cc: stable@xxxxxxxxxxxxxxx
Cc: Gil Fine <gil.fine@xxxxxxxxxxxxxxx>
Signed-off-by: Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/thunderbolt/switch.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -1265,6 +1265,9 @@ int tb_port_update_credits(struct tb_por
ret = tb_port_do_update_credits(port);
if (ret)
return ret;
+
+ if (!port->dual_link_port)
+ return 0;
return tb_port_do_update_credits(port->dual_link_port);
}
Patches currently in stable-queue which might be from mika.westerberg@xxxxxxxxxxxxxxx are
queue-6.7/thunderbolt-fix-null-pointer-dereference-in-tb_port_update_credits.patch
queue-6.7/pci-dpc-quirk-pio-log-size-for-intel-raptor-lake-roo.patch
