Re: [PATCH 3/3] usb: typec: mux: Use the "compatible" property instead of a boolean property
Hi Heikki,
Heikki Krogerus 于2019年3月28日周四 上午12:45写道:
>
> Instead of searching for a boolean property, matching
> against the "compatible" property.
>
> Signed-off-by: Heikki Krogerus
> ---
> drivers/usb/typec/mux.c | 8 ++--
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/usb/typec/mux.c b/drivers/usb/typec/mux.c
> index 2ce54f3fc79c..9462b90f1c09 100644
> --- a/drivers/usb/typec/mux.c
> +++ b/drivers/usb/typec/mux.c
> @@ -32,11 +32,7 @@ static void *typec_switch_match(struct device_connection
> *con, int ep,
> return ERR_PTR(-EPROBE_DEFER);
> }
>
> - /*
> -* With OF graph the mux node must have a boolean device property
> named
> -* "orientation-switch".
> -*/
> - if (con->id && !fwnode_property_present(con->fwnode, con->id))
> + if (con->id && !fwnode_is_compatible(con->fwnode, con->id))
This is still the right approach for orientation switch match, right?
Li Jun
> return NULL;
>
> list_for_each_entry(sw, &switch_list, entry)
> @@ -148,7 +144,7 @@ static void *typec_mux_match(struct device_connection
> *con, int ep, void *data)
>
> /* Accessory Mode muxes */
> if (!desc) {
> - match = fwnode_property_present(con->fwnode, "accessory");
> + match = fwnode_is_compatible(con->fwnode, "accessory");
> if (match)
> goto find_mux;
> return NULL;
> --
> 2.20.1
>
Re: [PATCH v2 0/5] usb: gadget: u_serial: Fix and cleanup
Hi Michał,
On Sun, Jul 14, 2019 at 12:04:26PM +0200, Michał Mirosław wrote:
> On Sat, Jul 13, 2019 at 11:08:53PM +0200, Ladislav Michl wrote:
> > Following patchset makes console work (patch 1 and 4) for an AT91SAM9G20
> > board connected to xhci_hcd and does some cleanup.
> > Tested with "console=ttyS0,115200n8 console=ttyGS0" on kernel command line
> > and following inittab:
> > console::respawn:/sbin/getty -L 115200 ttyS0 vt100
> > console::respawn:/sbin/getty -L 115200 ttyGS0 vt100
> >
> > However there is an issue remaining:
> > Disconnect triggers WARN_ON in gs_close:
> [...]
>
> Hi,
>
> Can you try a patchset I sent some time ago [1] if it fixes your case?
your "usb: gadget: u_serial: add missing port entry locking" and
"usb: gadget: u_serial: reimplement console support" fixes every single
problem I had with the driver (including that WARN_ON on gs_close),
except starving console write.
Fortunately my patch "usb: gadget: u_serial: Fix starving write"
applies on top of your first two patches.
So here's my
Tested-by: Ladislav Michl
and also one nit for your second patch (there are people running cocci scripts,
so save them some time ;-)):
--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -931,8 +931,8 @@ static void gs_console_complete_out(struct usb_ep *ep,
struct usb_request *req)
static void __gs_console_push(struct gs_console *cons)
{
struct usb_request *req = cons->req;
- struct usb_ep *ep = cons->console.data;
- size_t size = 0;
+ struct usb_ep *ep;
+ size_t size;
if (!req)
return; /* disconnected */
@@ -940,6 +940,7 @@ static void __gs_console_push(struct gs_console *cons)
if (req->length)
return; /* busy */
+ ep = cons->console.data;
size = kfifo_out(&cons->buf, req->buf, ep->maxpacket);
if (!size)
return;
I'm dropping all my patches except the fourth one in favour of your solution
as it is clearly superior. Care to resend it possibly with above fix and
said fourth patch as a single serie?
Thank you,
ladis
RE: [PATCH v9 5/6] usb:cdns3 Add Cadence USB3 DRD Driver
Hi Felipe
>
>Hi,
>
>Pawel Laszczak writes:
>> +static void cdns3_gadget_config(struct cdns3_device *priv_dev)
>> +{
>> +struct cdns3_usb_regs __iomem *regs = priv_dev->regs;
>> +u32 reg;
>> +
>> +cdns3_ep0_config(priv_dev);
>> +
>> +/* enable interrupts for endpoint 0 (in and out) */
>> +writel(EP_IEN_EP_OUT0 | EP_IEN_EP_IN0, ®s->ep_ien);
>> +
>> +/*
>> + *Driver need modify LFPS minimal U1 Exit time for 0x00024505 revision
>
>comment style
>
>> + * of controller
>> + */
>> +if (priv_dev->dev_ver == DEV_VER_TI_V1) {
>
>this version is really only for TI? And there's another only for NXP?
Yes, from driver point of view the only difference for this version is LFPS
parameter. It's depend on the kind of used PHY and should be set on
integration level. Default value is incorrect for DEV_VER_TI_V1 version and
it cause some issue for one of the Link Layer test.
>
>+#define DEV_VER_NXP_V10x00024502
>+#define DEV_VER_TI_V1 0x00024509
>+#define DEV_VER_V20x0002450C
>+#define DEV_VER_V30x0002450d
>
>How do you actually decode this?
It's read from register: USB_CAP6
priv_dev->dev_ver = readl(&priv_dev->regs->usb_cap6);
But's only 3 less significant bytes are used as version.
>
>> +static int cdns3_gadget_udc_stop(struct usb_gadget *gadget)
>> +{
>> +struct cdns3_device *priv_dev = gadget_to_cdns3_device(gadget);
>> +struct cdns3_endpoint *priv_ep;
>> +u32 bEndpointAddress;
>> +struct usb_ep *ep;
>> +int ret = 0;
>> +
>> +priv_dev->gadget_driver = NULL;
>> +
>> +priv_dev->onchip_used_size = 0;
>> +priv_dev->out_mem_is_allocated = 0;
>> +priv_dev->gadget.speed = USB_SPEED_UNKNOWN;
>> +
>> +list_for_each_entry(ep, &priv_dev->gadget.ep_list, ep_list) {
>> +priv_ep = ep_to_cdns3_ep(ep);
>> +bEndpointAddress = priv_ep->num | priv_ep->dir;
>> +cdns3_select_ep(priv_dev, bEndpointAddress);
>> +writel(EP_CMD_EPRST, &priv_dev->regs->ep_cmd);
>> +ret = cdns3_handshake(&priv_dev->regs->ep_cmd,
>> + EP_CMD_EPRST, 0, 100);
>> +cdns3_free_trb_pool(priv_ep);
>
>are you sure you want to free your trb pool when a gadget driver is
>unloaded? One can easily fragment memory by constantly loading and
>unloading a gadget driver, no?
I think that such constantly loading/unloading will occurs only during
testing.
>
>How about you allocate the trb poll during cdns3 load and free it when
>cdns3 is unloaded?
This allocation is made only in cdns3_gadget_ep_enable, so memory
is allocated only for endpoint in use. We save a lot of memory, especially
for streams and ISOC endpoint.
Streams support is not implemented now but it will be added as separate
patch in the feature. It will require allocation multiple Transfer Rings.
The second issue are ISOC endpoints. For each ITP we need separate TRB.
So, for bInterval > 1 driver must allocate the quite big size of Transfer Ring.
During loading cdns3 we don't know which endpoint and how it will be used.
If someone from customers will complain about current implementation,
Then I will try to implement some improvement.
>
>> +static int cdns3_gadget_start(struct cdns3 *cdns)
>> +{
>> +struct cdns3_device *priv_dev;
>> +u32 max_speed;
>> +int ret;
>> +
>> +priv_dev = kzalloc(sizeof(*priv_dev), GFP_KERNEL);
>> +if (!priv_dev)
>> +return -ENOMEM;
>> +
>> +cdns->gadget_dev = priv_dev;
>> +priv_dev->sysdev = cdns->dev;
>> +priv_dev->dev = cdns->dev;
>> +priv_dev->regs = cdns->dev_regs;
>> +
>> +device_property_read_u16(priv_dev->dev, "cdns,on-chip-buff-size",
>> + &priv_dev->onchip_buffers);
>> +
>> +if (priv_dev->onchip_buffers <= 0) {
>> +u32 reg = readl(&priv_dev->regs->usb_cap2);
>> +
>> +priv_dev->onchip_buffers = USB_CAP2_ACTUAL_MEM_SIZE(reg);
>> +}
>> +
>> +if (!priv_dev->onchip_buffers)
>> +priv_dev->onchip_buffers = 256;
>> +
>> +max_speed = usb_get_maximum_speed(cdns->dev);
>> +
>> +/* Check the maximum_speed parameter */
>> +switch (max_speed) {
>> +case USB_SPEED_FULL:
>> +case USB_SPEED_HIGH:
>> +case USB_SPEED_SUPER:
>> +break;
>> +default:
>> +dev_err(cdns->dev, "invalid maximum_speed parameter %d\n",
>> +max_speed);
>> +/* fall through */
>> +case USB_SPEED_UNKNOWN:
>> +/* default to superspeed */
>> +max_speed = USB_SPEED_SUPER;
>> +break;
>> +}
>> +
>> +/* fill gadget fields */
>> +priv_dev->gadget.max_speed = max_speed;
>> +priv_dev->gadget.speed = USB_SPEED_UNKNOWN;
>> +priv_dev->gadget.ops = &cdns3_gadget_ops;
>> +priv_dev->gadget.name = "usb-ss-gadget";
>> +priv_dev->gadget.sg_supported = 1;
>> +
>> +spin_lock_init(&priv_dev->lock);
>> +INIT_WORK(
Kindly Respond
Hello, I am Barr Fredrick Mbogo a business consultant i have a lucrative business to discuss with you from the Eastern part of Africa Uganda to be precise aimed at agreed percentage upon your acceptance of my hand in business and friendship. Kindly respond to me if you are interested to partner with me for an update. Very important. Yours Sincerely, Donald Douglas, For, Barr Frederick Mbogo Legal Consultant. Reply to: barrfredmb...@consultant.com
Re: [PATCH 0/3] Fix USB3.0 DRD PHY calibration issues (DWC3/XHCI) on Exynos542x SoCs
Hi Anand,
On 2019-06-28 17:32, Anand Moon wrote:
> Hi Marek,
>
> On Thu, 27 Jun 2019 at 12:47, Marek Szyprowski
> wrote:
>> Dear All,
>>
>> Commit d8c80bb3b55b ("phy: exynos5-usbdrd: Calibrate LOS levels for
>> exynos5420/5800") added support for Exynos5 USB3.0 DRD PHY calibration,
>> what enabled proper Super-Speed enumeration of USB3.0 devices connected
>> to various Exynos5 SoCs. After some time it turned out that the mentioned
>> patch worked a bit by pure luck and covered only one use case (fresh
>> boot with all drivers compiled into the kernel).
>>
>> If drivers were compiled as modules, due to timing issue, it worked only
>> if XHCI-plat driver was loaded before the DWC3 driver:
>> https://patchwork.kernel.org/patch/10773947/
>>
>> Also during the system suspend/resume cycle the calibration was not
>> performed at the proper time and resulted in switching USB 3.0 devices to
>> USB 2.0 high-speed compatibility mode.
>>
>> This patch addresses all those issues. Exynos5 USB3.0 DRD PHY calibration
>> is moved to the Exynos5 specific variant of the XHCI-plat driver, which
>> takes care of proper PHY calibration after XHCI core reset. This fixes
>> all known use cases (XHCI driver compiled as module and loaded on demand
>> as well as during system suspend/resume cycle).
>>
>> Here are the logs taken on Exynos5422-based Odroid HC1 board (with USB3.0
>> RTL8153 LAN and USB3.0 JMicron SATA-USB bridge):
>>
> Thanks for these patch. I have tested on linux-next-20190626
>
> *But hotpluging of usb device is not working on usb ports.*
Well, this is a bit poor report. I've checked various USB 3.0 devices
with my XU4 board and didn't observe any issue with hotplug or
enumeration. Could you describe a bit more how to trigger the issue?
> These patches fix the suspend/resume for XU4.
> But their is two issue.
> 1> On warm boot fails to reset the usb hub
> --
> [7.019896] usb 4-1.1: new SuperSpeed Gen 1 USB device number 3
> using xhci-hcd
> [7.063032] usb 4-1.1: New USB device found, idVendor=152d,
> idProduct=0578, bcdDevice=63.01
> [7.070484] usb 4-1.1: New USB device strings: Mfr=1, Product=2,
> SerialNumber=3
> [7.077438] usb 4-1.1: Product: JMS567
> [7.081749] usb 4-1.1: Manufacturer: JMicron
> [7.086028] usb 4-1.1: SerialNumber: DB12345678A3
> [7.151572] scsi host0: uas
> [7.162765] scsi 0:0:0:0: Direct-Access KINGSTON SA400S37120G
>6301 PQ: 0 ANSI: 6
> [7.176231] sd 0:0:0:0: [sda] 234441648 512-byte logical blocks:
> (120 GB/112 GiB)
> [7.177550] sd 0:0:0:0: Attached scsi generic sg0 type 0
> [7.183547] sd 0:0:0:0: [sda] 4096-byte physical blocks
> [7.201150] sd 0:0:0:0: [sda] Write Protect is off
> [7.204977] sd 0:0:0:0: [sda] Disabling FUA
> [7.209476] sd 0:0:0:0: [sda] Write cache: enabled, read cache:
> enabled, doesn't support DPO or FUA
> [7.219411] sd 0:0:0:0: [sda] Optimal transfer size 33553920 bytes
> not a multiple of physical block size (4096 bytes)
> [7.713603] sda: sda1
> [7.736338] sd 0:0:0:0: [sda] Attached SCSI disk
> [ 11.372630] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> waiting for setup device command
> [ 16.650624] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> waiting for setup device command
> [ 16.870255] usb 6-1: device not accepting address 2, error -62
> [ 22.171093] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> waiting for setup device command
> [ 27.451021] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> waiting for setup device command
> [ 27.669956] usb 6-1: device not accepting address 3, error -62
> [ 27.711656] usb usb6-port1: attempt power cycle
>
> some how 1250.phy do not de-register when we perform reboot.
Sorry, but this is not related to PHY at all. If I get your log right,
you have external USB3->SATA bridge which fails to enumerate in your
case. Does it work right with other boards or vendor kernels? You
connect it to the XU4 onboard USB3.0 hub, which cannot be programmed or
controlled in any way, so I doubt we can do anything to fix your issue.
> [ 120.260813] shutdown[1]: All loop devices detached.
> [ 120.308592] sd 0:0:0:0: [sda] Synchronizing SCSI cache
> [ 120.425890] usb 4-1.1: reset SuperSpeed Gen 1 USB device number 3
> using xhci-hcd
> [ 120.500085] wake enabled for irq 155
> [ 120.592335] reboot: Restartin
>
> Attach are the reboot logs.
> [0] https://pastebin.com/a3d712q4
>
> Second issue is the unbind on usb dwc3 fails.
>
> [root@archl-xu4m ~]# cd /sys/bus/platform/drivers/exynos5_usb3drd_phy/
> [root@archl-xu4m exynos5_usb3drd_phy]# ls -la
> total 0
> drwxr-xr-x 2 root root0 Jun 28 14:08 .
> drwxr-xr-x 131 root root0 Jun 28 14:08 ..
> lrwxrwxrwx 1 root root0 Jun 28 14:11 1210.phy ->
> ../../../../devices/platform/soc/1210.phy
> lrwxrwxrwx 1 root root0 Jun 28 14:11 1250.phy ->
> ../../../../devices/platform/soc/1250.phy
>
[PATCH AUTOSEL 5.2 045/249] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
From: Vandana BN [ Upstream commit 5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e ] SyzKaller hit the null pointer deref while reading from uninitialized udev->product in zr364xx_vidioc_querycap(). == BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20 include/linux/compiler.h:274 Read of size 1 at addr by task v4l_id/5287 CPU: 1 PID: 5287 Comm: v4l_id Not tainted 5.1.0-rc3-319004-g43151d6 #6 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xe8/0x16e lib/dump_stack.c:113 kasan_report.cold+0x5/0x3c mm/kasan/report.c:321 read_word_at_a_time+0xe/0x20 include/linux/compiler.h:274 strscpy+0x8a/0x280 lib/string.c:207 zr364xx_vidioc_querycap+0xb5/0x210 drivers/media/usb/zr364xx/zr364xx.c:706 v4l_querycap+0x12b/0x340 drivers/media/v4l2-core/v4l2-ioctl.c:1062 __video_do_ioctl+0x5bb/0xb40 drivers/media/v4l2-core/v4l2-ioctl.c:2874 video_usercopy+0x44e/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3056 v4l2_ioctl+0x14e/0x1a0 drivers/media/v4l2-core/v4l2-dev.c:364 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0xced/0x12f0 fs/ioctl.c:696 ksys_ioctl+0xa0/0xc0 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x74/0xb0 fs/ioctl.c:718 do_syscall_64+0xcf/0x4f0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f3b56d8b347 Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64 RSP: 002b:7ffe005d5d68 EFLAGS: 0202 ORIG_RAX: 0010 RAX: ffda RBX: 0003 RCX: 7f3b56d8b347 RDX: 7ffe005d5d70 RSI: 80685600 RDI: 0003 RBP: R08: R09: R10: R11: 0202 R12: 00400884 R13: 7ffe005d5ec0 R14: R15: == For this device udev->product is not initialized and accessing it causes a NULL pointer deref. The fix is to check for NULL before strscpy() and copy empty string, if product is NULL Reported-by: syzbot+66010012fd4c531a1...@syzkaller.appspotmail.com Signed-off-by: Vandana BN Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin --- drivers/media/usb/zr364xx/zr364xx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/usb/zr364xx/zr364xx.c b/drivers/media/usb/zr364xx/zr364xx.c index 37a7992585df..48803eb773ed 100644 --- a/drivers/media/usb/zr364xx/zr364xx.c +++ b/drivers/media/usb/zr364xx/zr364xx.c @@ -694,7 +694,8 @@ static int zr364xx_vidioc_querycap(struct file *file, void *priv, struct zr364xx_camera *cam = video_drvdata(file); strscpy(cap->driver, DRIVER_DESC, sizeof(cap->driver)); - strscpy(cap->card, cam->udev->product, sizeof(cap->card)); + if (cam->udev->product) + strscpy(cap->card, cam->udev->product, sizeof(cap->card)); strscpy(cap->bus_info, dev_name(&cam->udev->dev), sizeof(cap->bus_info)); cap->device_caps = V4L2_CAP_VIDEO_CAPTURE | -- 2.20.1
[PATCH AUTOSEL 5.2 222/249] net: usb: asix: init MAC address buffers
From: Phong Tran
[ Upstream commit 78226f6eaac80bf30256a33a4926c194ceefdf36 ]
This is for fixing bug KMSAN: uninit-value in ax88772_bind
Tested by
https://groups.google.com/d/msg/syzkaller-bugs/aFQurGotng4/eB_HlNhhCwAJ
Reported-by: syzbot+8a3fc6674bbc3978e...@syzkaller.appspotmail.com
syzbot found the following crash on:
HEAD commit:f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
git tree: kmsan
console output: https://syzkaller.appspot.com/x/log.txt?x=136d720ea0
kernel config:
https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
dashboard link:
https://syzkaller.appspot.com/bug?extid=8a3fc6674bbc3978ed4e
compiler: clang version 9.0.0 (/home/glider/llvm/clang
06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=12788316a0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120359aaa0
==
BUG: KMSAN: uninit-value in is_valid_ether_addr
include/linux/etherdevice.h:200 [inline]
BUG: KMSAN: uninit-value in asix_set_netdev_dev_addr
drivers/net/usb/asix_devices.c:73 [inline]
BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
drivers/net/usb/asix_devices.c:724
CPU: 0 PID: 3348 Comm: kworker/0:2 Not tainted 5.1.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
__msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
is_valid_ether_addr include/linux/etherdevice.h:200 [inline]
asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline]
ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724
usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x189c/0x2460 kernel/workqueue.c:2417
kthread+0x4b5/0x4f0 kernel/kthread.c:254
ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Signed-off-by: Phong Tran
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
drivers/net/usb/asix_devices.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c
index c9bc96310ed4..ef548beba684 100644
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -226,7 +226,7 @@ static void asix_phy_reset(struct usbnet *dev, unsigned int
reset_bits)
static int ax88172_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret = 0;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
int i;
unsigned long gpio_bits = dev->driver_info->data;
@@ -677,7 +677,7 @@ static int asix_resume(struct usb_interface *intf)
static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret, i;
- u8 buf[ETH_ALEN], chipcode = 0;
+ u8 buf[ETH_ALEN] = {0}, chipcode = 0;
u32 phyid;
struct asix_common_private *priv;
@@ -1061,7 +1061,7 @@ static const struct net_device_ops ax88178_netdev_ops = {
static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
usbnet_get_endpoints(dev,intf);
--
2.20.1
[PATCH AUTOSEL 5.1 194/219] net: usb: asix: init MAC address buffers
From: Phong Tran
[ Upstream commit 78226f6eaac80bf30256a33a4926c194ceefdf36 ]
This is for fixing bug KMSAN: uninit-value in ax88772_bind
Tested by
https://groups.google.com/d/msg/syzkaller-bugs/aFQurGotng4/eB_HlNhhCwAJ
Reported-by: syzbot+8a3fc6674bbc3978e...@syzkaller.appspotmail.com
syzbot found the following crash on:
HEAD commit:f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
git tree: kmsan
console output: https://syzkaller.appspot.com/x/log.txt?x=136d720ea0
kernel config:
https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
dashboard link:
https://syzkaller.appspot.com/bug?extid=8a3fc6674bbc3978ed4e
compiler: clang version 9.0.0 (/home/glider/llvm/clang
06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=12788316a0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120359aaa0
==
BUG: KMSAN: uninit-value in is_valid_ether_addr
include/linux/etherdevice.h:200 [inline]
BUG: KMSAN: uninit-value in asix_set_netdev_dev_addr
drivers/net/usb/asix_devices.c:73 [inline]
BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
drivers/net/usb/asix_devices.c:724
CPU: 0 PID: 3348 Comm: kworker/0:2 Not tainted 5.1.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
__msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
is_valid_ether_addr include/linux/etherdevice.h:200 [inline]
asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline]
ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724
usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x189c/0x2460 kernel/workqueue.c:2417
kthread+0x4b5/0x4f0 kernel/kthread.c:254
ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Signed-off-by: Phong Tran
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
drivers/net/usb/asix_devices.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c
index 3d93993e74da..2eca4168af2f 100644
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -238,7 +238,7 @@ static void asix_phy_reset(struct usbnet *dev, unsigned int
reset_bits)
static int ax88172_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret = 0;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
int i;
unsigned long gpio_bits = dev->driver_info->data;
@@ -689,7 +689,7 @@ static int asix_resume(struct usb_interface *intf)
static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret, i;
- u8 buf[ETH_ALEN], chipcode = 0;
+ u8 buf[ETH_ALEN] = {0}, chipcode = 0;
u32 phyid;
struct asix_common_private *priv;
@@ -1073,7 +1073,7 @@ static const struct net_device_ops ax88178_netdev_ops = {
static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
usbnet_get_endpoints(dev,intf);
--
2.20.1
[PATCH AUTOSEL 4.14 094/105] net: usb: asix: init MAC address buffers
From: Phong Tran
[ Upstream commit 78226f6eaac80bf30256a33a4926c194ceefdf36 ]
This is for fixing bug KMSAN: uninit-value in ax88772_bind
Tested by
https://groups.google.com/d/msg/syzkaller-bugs/aFQurGotng4/eB_HlNhhCwAJ
Reported-by: syzbot+8a3fc6674bbc3978e...@syzkaller.appspotmail.com
syzbot found the following crash on:
HEAD commit:f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
git tree: kmsan
console output: https://syzkaller.appspot.com/x/log.txt?x=136d720ea0
kernel config:
https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
dashboard link:
https://syzkaller.appspot.com/bug?extid=8a3fc6674bbc3978ed4e
compiler: clang version 9.0.0 (/home/glider/llvm/clang
06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=12788316a0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120359aaa0
==
BUG: KMSAN: uninit-value in is_valid_ether_addr
include/linux/etherdevice.h:200 [inline]
BUG: KMSAN: uninit-value in asix_set_netdev_dev_addr
drivers/net/usb/asix_devices.c:73 [inline]
BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
drivers/net/usb/asix_devices.c:724
CPU: 0 PID: 3348 Comm: kworker/0:2 Not tainted 5.1.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
__msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
is_valid_ether_addr include/linux/etherdevice.h:200 [inline]
asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline]
ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724
usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x189c/0x2460 kernel/workqueue.c:2417
kthread+0x4b5/0x4f0 kernel/kthread.c:254
ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Signed-off-by: Phong Tran
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
drivers/net/usb/asix_devices.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c
index d0c0ac0c3519..9b751d4bd327 100644
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -238,7 +238,7 @@ static void asix_phy_reset(struct usbnet *dev, unsigned int
reset_bits)
static int ax88172_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret = 0;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
int i;
unsigned long gpio_bits = dev->driver_info->data;
@@ -689,7 +689,7 @@ static int asix_resume(struct usb_interface *intf)
static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret, i;
- u8 buf[ETH_ALEN], chipcode = 0;
+ u8 buf[ETH_ALEN] = {0}, chipcode = 0;
u32 phyid;
struct asix_common_private *priv;
@@ -1065,7 +1065,7 @@ static const struct net_device_ops ax88178_netdev_ops = {
static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
usbnet_get_endpoints(dev,intf);
--
2.20.1
[PATCH AUTOSEL 4.9 66/73] net: usb: asix: init MAC address buffers
From: Phong Tran
[ Upstream commit 78226f6eaac80bf30256a33a4926c194ceefdf36 ]
This is for fixing bug KMSAN: uninit-value in ax88772_bind
Tested by
https://groups.google.com/d/msg/syzkaller-bugs/aFQurGotng4/eB_HlNhhCwAJ
Reported-by: syzbot+8a3fc6674bbc3978e...@syzkaller.appspotmail.com
syzbot found the following crash on:
HEAD commit:f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
git tree: kmsan
console output: https://syzkaller.appspot.com/x/log.txt?x=136d720ea0
kernel config:
https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
dashboard link:
https://syzkaller.appspot.com/bug?extid=8a3fc6674bbc3978ed4e
compiler: clang version 9.0.0 (/home/glider/llvm/clang
06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=12788316a0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120359aaa0
==
BUG: KMSAN: uninit-value in is_valid_ether_addr
include/linux/etherdevice.h:200 [inline]
BUG: KMSAN: uninit-value in asix_set_netdev_dev_addr
drivers/net/usb/asix_devices.c:73 [inline]
BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
drivers/net/usb/asix_devices.c:724
CPU: 0 PID: 3348 Comm: kworker/0:2 Not tainted 5.1.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
__msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
is_valid_ether_addr include/linux/etherdevice.h:200 [inline]
asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline]
ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724
usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x189c/0x2460 kernel/workqueue.c:2417
kthread+0x4b5/0x4f0 kernel/kthread.c:254
ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Signed-off-by: Phong Tran
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
drivers/net/usb/asix_devices.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c
index 393fd3ed6b94..4b12b6da3fab 100644
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -237,7 +237,7 @@ static void asix_phy_reset(struct usbnet *dev, unsigned int
reset_bits)
static int ax88172_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret = 0;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
int i;
unsigned long gpio_bits = dev->driver_info->data;
@@ -687,7 +687,7 @@ static int asix_resume(struct usb_interface *intf)
static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret, i;
- u8 buf[ETH_ALEN], chipcode = 0;
+ u8 buf[ETH_ALEN] = {0}, chipcode = 0;
u32 phyid;
struct asix_common_private *priv;
@@ -1064,7 +1064,7 @@ static const struct net_device_ops ax88178_netdev_ops = {
static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
usbnet_get_endpoints(dev,intf);
--
2.20.1
External USB write error
I am encountering the following bug in 5.2.0 and 5.2.1 when trying to write to an external USB-3.0 disk. The terminal locks and is only recoverable with the reset button Jul 12 11:16:12 NVMe kernel: [ 123.758841] xhci_hcd :07:00.0: swiotlb buffer is full (sz: 348160 bytes), total 32768 (slots), used 1 (slots) Jul 12 11:16:12 NVMe kernel: [ 123.758845] xhci_hcd :07:00.0: overflow 0x0007c67ab000+348160 of DMA mask bus mask 0 Jul 12 11:16:12 NVMe kernel: [ 123.758856] WARNING: CPU: 0 PID: 924 at kernel/dma/direct.c:43 report_addr+0x2f/0x90 Jul 12 11:16:12 NVMe kernel: [ 123.758857] Modules linked in: ipv6 xt_limit xt_pkttype ipt_REJECT nf_reject_ipv4 xt_tcpudp nf_log_ipv4 nf_log_common xt_LOG xt_conntrack iptable_mangle iptable_nat iptable_filter nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_tables x_tables cfg80211 rfkill hid_generic usbhid hid fuse uas usb_storage snd_hda_codec_hdmi coretemp intel_rapl x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_realtek kvm_intel snd_hda_codec_generic ledtrig_audio kvm irqbypass i2c_dev mxm_wmi crct10dif_pclmul crc32_pclmul i915 crc32c_intel cec rc_core drm_kms_helper ghash_clmulni_intel snd_hda_intel drm snd_hda_codec intel_cstate snd_hda_core intel_gtt snd_hwdep intel_rapl_perf snd_pcm snd_timer evdev agpgart i2c_algo_bit serio_raw fb_sys_fops snd syscopyarea sysfillrect tg3 sysimgblt i2c_i801 xhci_pci soundcore mei_me xhci_hcd lpc_ich i2c_core ehci_pci libphy mei ehci_hcd ie31200_edac hwmon wmi video pcc_cpufreq intel_smartconnect button loop Jul 12 11:16:12 NVMe kernel: [ 123.758903] CPU: 0 PID: 924 Comm: usb-storage Not tainted 5.2.0 #3 Jul 12 11:16:12 NVMe kernel: [ 123.758904] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z77 Extreme4, BIOS P2.90 07/11/2013 Jul 12 11:16:12 NVMe kernel: [ 123.758907] RIP: 0010:report_addr+0x2f/0x90 Jul 12 11:16:12 NVMe kernel: [ 123.758909] Code: 48 83 ec 08 48 8b 87 28 02 00 00 48 89 34 24 48 85 c0 74 29 4c 8b 00 b8 fe ff ff ff 49 39 c0 76 10 80 3d 43 cf a7 01 00 74 31 <0f> 0b 48 83 c4 08 c3 48 83 bf 38 02 00 00 00 75 e6 eb ed 80 3d 28 Jul 12 11:16:12 NVMe kernel: [ 123.758911] RSP: 0018:a46203ef7bc8 EFLAGS: 00010282 Jul 12 11:16:12 NVMe kernel: [ 123.758912] RAX: RBX: 90f1fb5b30b0 RCX: 0006 Jul 12 11:16:12 NVMe kernel: [ 123.758913] RDX: RSI: 0082 RDI: 90f1ff4164c0 Jul 12 11:16:12 NVMe kernel: [ 123.758914] RBP: 00055000 R08: 0001279c R09: 0384 Jul 12 11:16:12 NVMe kernel: [ 123.758915] R10: R11: 0384 R12: 90f1fb5b30b0 Jul 12 11:16:12 NVMe kernel: [ 123.758916] R13: 0001 R14: R15: 90f1f13102b0 Jul 12 11:16:12 NVMe kernel: [ 123.758918] FS: () GS:90f1ff40() knlGS: Jul 12 11:16:12 NVMe kernel: [ 123.758919] CS: 0010 DS: ES: CR0: 80050033 Jul 12 11:16:12 NVMe kernel: [ 123.758921] CR2: 0189b000 CR3: 000320a0a005 CR4: 001606f0 Jul 12 11:16:12 NVMe kernel: [ 123.758921] Call Trace: Jul 12 11:16:12 NVMe kernel: [ 123.758927] dma_direct_map_page+0xd9/0xf0 Jul 12 11:16:12 NVMe kernel: [ 123.758930] dma_direct_map_sg+0x64/0xb0 Jul 12 11:16:12 NVMe kernel: [ 123.758934] usb_hcd_map_urb_for_dma+0x3d1/0x540 Jul 12 11:16:12 NVMe kernel: [ 123.758937] usb_hcd_submit_urb+0x84/0xa00 Jul 12 11:16:12 NVMe kernel: [ 123.758941] ? schedule_timeout+0x1dc/0x2f0 Jul 12 11:16:12 NVMe kernel: [ 123.758943] ? usb_hcd_submit_urb+0xa9/0xa00 Jul 12 11:16:12 NVMe kernel: [ 123.758946] ? __switch_to_asm+0x40/0x70 Jul 12 11:16:12 NVMe kernel: [ 123.758948] ? _cond_resched+0x16/0x40 Jul 12 11:16:12 NVMe kernel: [ 123.758951] ? __kmalloc+0x5d/0x200 Jul 12 11:16:12 NVMe kernel: [ 123.758954] ? usb_alloc_urb+0x24/0x60 Jul 12 11:16:12 NVMe kernel: [ 123.758956] usb_sg_wait+0x64/0x110 Jul 12 11:16:12 NVMe kernel: [ 123.758963] usb_stor_bulk_transfer_sglist.part.4+0x69/0xc0 [usb_storage] Jul 12 11:16:12 NVMe kernel: [ 123.758967] usb_stor_bulk_srb+0x68/0x80 [usb_storage] Jul 12 11:16:12 NVMe kernel: [ 123.758971] usb_stor_Bulk_transport+0x184/0x3e0 [usb_storage] Jul 12 11:16:12 NVMe kernel: [ 123.758973] ? schedule+0x33/0x90 Jul 12 11:16:12 NVMe kernel: [ 123.758976] usb_stor_invoke_transport+0x3a/0x4e0 [usb_storage] Jul 12 11:16:12 NVMe kernel: [ 123.758979] ? wait_for_completion_interruptible+0xaf/0x170 Jul 12 11:16:12 NVMe kernel: [ 123.758983] ? wake_up_q+0x80/0x80 Jul 12 11:16:12 NVMe kernel: [ 123.758986] usb_stor_control_thread+0x165/0x270 [usb_storage] Jul 12 11:16:12 NVMe kernel: [ 123.758990] ? fill_inquiry_response+0x20/0x20 [usb_storage] Jul 12 11:16:12 NVMe kernel: [ 123.758993] kthread+0xf8/0x130 Jul 12 11:16:12 NVMe kernel: [ 123.758996] ? kthread_destroy_worker+0x40/0x40 Jul 12 11:16:12 NVMe kernel: [ 123.758999] ret_from_fork+0x35/0
[PATCH AUTOSEL 4.19 139/158] net: usb: asix: init MAC address buffers
From: Phong Tran
[ Upstream commit 78226f6eaac80bf30256a33a4926c194ceefdf36 ]
This is for fixing bug KMSAN: uninit-value in ax88772_bind
Tested by
https://groups.google.com/d/msg/syzkaller-bugs/aFQurGotng4/eB_HlNhhCwAJ
Reported-by: syzbot+8a3fc6674bbc3978e...@syzkaller.appspotmail.com
syzbot found the following crash on:
HEAD commit:f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
git tree: kmsan
console output: https://syzkaller.appspot.com/x/log.txt?x=136d720ea0
kernel config:
https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
dashboard link:
https://syzkaller.appspot.com/bug?extid=8a3fc6674bbc3978ed4e
compiler: clang version 9.0.0 (/home/glider/llvm/clang
06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=12788316a0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120359aaa0
==
BUG: KMSAN: uninit-value in is_valid_ether_addr
include/linux/etherdevice.h:200 [inline]
BUG: KMSAN: uninit-value in asix_set_netdev_dev_addr
drivers/net/usb/asix_devices.c:73 [inline]
BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
drivers/net/usb/asix_devices.c:724
CPU: 0 PID: 3348 Comm: kworker/0:2 Not tainted 5.1.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
__msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
is_valid_ether_addr include/linux/etherdevice.h:200 [inline]
asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline]
ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724
usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x189c/0x2460 kernel/workqueue.c:2417
kthread+0x4b5/0x4f0 kernel/kthread.c:254
ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Signed-off-by: Phong Tran
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
drivers/net/usb/asix_devices.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c
index 3d93993e74da..2eca4168af2f 100644
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -238,7 +238,7 @@ static void asix_phy_reset(struct usbnet *dev, unsigned int
reset_bits)
static int ax88172_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret = 0;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
int i;
unsigned long gpio_bits = dev->driver_info->data;
@@ -689,7 +689,7 @@ static int asix_resume(struct usb_interface *intf)
static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret, i;
- u8 buf[ETH_ALEN], chipcode = 0;
+ u8 buf[ETH_ALEN] = {0}, chipcode = 0;
u32 phyid;
struct asix_common_private *priv;
@@ -1073,7 +1073,7 @@ static const struct net_device_ops ax88178_netdev_ops = {
static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
usbnet_get_endpoints(dev,intf);
--
2.20.1
[PATCH AUTOSEL 5.1 040/219] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
From: Vandana BN [ Upstream commit 5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e ] SyzKaller hit the null pointer deref while reading from uninitialized udev->product in zr364xx_vidioc_querycap(). == BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20 include/linux/compiler.h:274 Read of size 1 at addr by task v4l_id/5287 CPU: 1 PID: 5287 Comm: v4l_id Not tainted 5.1.0-rc3-319004-g43151d6 #6 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xe8/0x16e lib/dump_stack.c:113 kasan_report.cold+0x5/0x3c mm/kasan/report.c:321 read_word_at_a_time+0xe/0x20 include/linux/compiler.h:274 strscpy+0x8a/0x280 lib/string.c:207 zr364xx_vidioc_querycap+0xb5/0x210 drivers/media/usb/zr364xx/zr364xx.c:706 v4l_querycap+0x12b/0x340 drivers/media/v4l2-core/v4l2-ioctl.c:1062 __video_do_ioctl+0x5bb/0xb40 drivers/media/v4l2-core/v4l2-ioctl.c:2874 video_usercopy+0x44e/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3056 v4l2_ioctl+0x14e/0x1a0 drivers/media/v4l2-core/v4l2-dev.c:364 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0xced/0x12f0 fs/ioctl.c:696 ksys_ioctl+0xa0/0xc0 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x74/0xb0 fs/ioctl.c:718 do_syscall_64+0xcf/0x4f0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f3b56d8b347 Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64 RSP: 002b:7ffe005d5d68 EFLAGS: 0202 ORIG_RAX: 0010 RAX: ffda RBX: 0003 RCX: 7f3b56d8b347 RDX: 7ffe005d5d70 RSI: 80685600 RDI: 0003 RBP: R08: R09: R10: R11: 0202 R12: 00400884 R13: 7ffe005d5ec0 R14: R15: == For this device udev->product is not initialized and accessing it causes a NULL pointer deref. The fix is to check for NULL before strscpy() and copy empty string, if product is NULL Reported-by: syzbot+66010012fd4c531a1...@syzkaller.appspotmail.com Signed-off-by: Vandana BN Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin --- drivers/media/usb/zr364xx/zr364xx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/usb/zr364xx/zr364xx.c b/drivers/media/usb/zr364xx/zr364xx.c index 96fee8d5b865..cd2bc9ed0cd9 100644 --- a/drivers/media/usb/zr364xx/zr364xx.c +++ b/drivers/media/usb/zr364xx/zr364xx.c @@ -703,7 +703,8 @@ static int zr364xx_vidioc_querycap(struct file *file, void *priv, struct zr364xx_camera *cam = video_drvdata(file); strscpy(cap->driver, DRIVER_DESC, sizeof(cap->driver)); - strscpy(cap->card, cam->udev->product, sizeof(cap->card)); + if (cam->udev->product) + strscpy(cap->card, cam->udev->product, sizeof(cap->card)); strscpy(cap->bus_info, dev_name(&cam->udev->dev), sizeof(cap->bus_info)); cap->device_caps = V4L2_CAP_VIDEO_CAPTURE | -- 2.20.1
[PATCH] ISDN: hfcsusb: checking idx of ep configuration
The syzbot test with random endpoint address which made the idx is overflow in the table of endpoint configuations. this adds the checking for fixing the error report from syzbot KASAN: stack-out-of-bounds Read in hfcsusb_probe [1] The patch tested by syzbot [2] Reported-by: syzbot+8750abbc3a46ef47d...@syzkaller.appspotmail.com [1]: https://syzkaller.appspot.com/bug?id=30a04378dac680c5d521304a00a86156bb913522 [2]: https://groups.google.com/d/msg/syzkaller-bugs/_6HBdge8F3E/OJn7wVNpBAAJ Signed-off-by: Phong Tran --- drivers/isdn/hardware/mISDN/hfcsusb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c index 4c99739b937e..0e224232f746 100644 --- a/drivers/isdn/hardware/mISDN/hfcsusb.c +++ b/drivers/isdn/hardware/mISDN/hfcsusb.c @@ -1955,6 +1955,9 @@ hfcsusb_probe(struct usb_interface *intf, const struct usb_device_id *id) /* get endpoint base */ idx = ((ep_addr & 0x7f) - 1) * 2; + if (idx > 15) + return -EIO; + if (ep_addr & 0x80) idx++; attr = ep->desc.bmAttributes; -- 2.11.0
Re: [bugzilla-dae...@bugzilla.kernel.org: [Bug 204095] New: freeze while write on external usb 3.0 hard disk]
On Sun, 14 Jul 2019, Theodore Y. Ts'o wrote: > This bug was initially (and wrongly) assigned to the ext4 component, > when it's very clearly a regression in the USB mass storage driver in > the 5.2.0 kernel. > > For people who hate bugzilla, you can also see the full thread at: > > https://lore.kernel.org/linux-ext4/bug-204095-13...@https.bugzilla.kernel.org%2F/T/#ra57c95759df5bee542d85f2541bda87735c09f16 I'm not so sure it's a regression in the USB mass-storage driver, but in any case, it looks very much like the problem fixed by this patch (not yet merged): https://marc.info/?l=linux-usb&m=156044081619171&w=2 Maybe the original bug reporters can try it out and tell us if it works. Alan Stern
Re: [bugzilla-dae...@bugzilla.kernel.org: [Bug 204095] New: freeze while write on external usb 3.0 hard disk]
On Mon, 15 Jul 2019, John Yost wrote: > On 7/15/19 11:16 AM, Alan Stern wrote: > > On Sun, 14 Jul 2019, Theodore Y. Ts'o wrote: > > > >> This bug was initially (and wrongly) assigned to the ext4 component, > >> when it's very clearly a regression in the USB mass storage driver in > >> the 5.2.0 kernel. > >> > >> For people who hate bugzilla, you can also see the full thread at: > >> > >> https://lore.kernel.org/linux-ext4/bug-204095-13...@https.bugzilla.kernel.org%2F/T/#ra57c95759df5bee542d85f2541bda87735c09f16 > > > > I'm not so sure it's a regression in the USB mass-storage driver, but > > in any case, it looks very much like the problem fixed by this patch > > (not yet merged): > > > > https://marc.info/?l=linux-usb&m=156044081619171&w=2 > > > > Maybe the original bug reporters can try it out and tell us if it > > works. > > > > Alan Stern > > > > > Thanks for the patch > It works for me on 5.2.1 > John Okay, good. Greg, it looks like we need to expedite getting this patch into the mainline. Alan Stern
Re: [PATCH] ISDN: hfcsusb: checking idx of ep configuration
From: Phong Tran Date: Mon, 15 Jul 2019 22:08:14 +0700 > The syzbot test with random endpoint address which made the idx is > overflow in the table of endpoint configuations. > > this adds the checking for fixing the error report from > syzbot > > KASAN: stack-out-of-bounds Read in hfcsusb_probe [1] > The patch tested by syzbot [2] > > Reported-by: syzbot+8750abbc3a46ef47d...@syzkaller.appspotmail.com > > [1]: > https://syzkaller.appspot.com/bug?id=30a04378dac680c5d521304a00a86156bb913522 > [2]: > https://groups.google.com/d/msg/syzkaller-bugs/_6HBdge8F3E/OJn7wVNpBAAJ > > Signed-off-by: Phong Tran Applied.
Re: [PATCH 0/3] Fix USB3.0 DRD PHY calibration issues (DWC3/XHCI) on Exynos542x SoCs
Hi Marek,
On Mon, 15 Jul 2019 at 17:49, Marek Szyprowski wrote:
>
> Hi Anand,
>
> On 2019-06-28 17:32, Anand Moon wrote:
> > Hi Marek,
> >
> > On Thu, 27 Jun 2019 at 12:47, Marek Szyprowski
> > wrote:
> >> Dear All,
> >>
> >> Commit d8c80bb3b55b ("phy: exynos5-usbdrd: Calibrate LOS levels for
> >> exynos5420/5800") added support for Exynos5 USB3.0 DRD PHY calibration,
> >> what enabled proper Super-Speed enumeration of USB3.0 devices connected
> >> to various Exynos5 SoCs. After some time it turned out that the mentioned
> >> patch worked a bit by pure luck and covered only one use case (fresh
> >> boot with all drivers compiled into the kernel).
> >>
> >> If drivers were compiled as modules, due to timing issue, it worked only
> >> if XHCI-plat driver was loaded before the DWC3 driver:
> >> https://patchwork.kernel.org/patch/10773947/
> >>
> >> Also during the system suspend/resume cycle the calibration was not
> >> performed at the proper time and resulted in switching USB 3.0 devices to
> >> USB 2.0 high-speed compatibility mode.
> >>
> >> This patch addresses all those issues. Exynos5 USB3.0 DRD PHY calibration
> >> is moved to the Exynos5 specific variant of the XHCI-plat driver, which
> >> takes care of proper PHY calibration after XHCI core reset. This fixes
> >> all known use cases (XHCI driver compiled as module and loaded on demand
> >> as well as during system suspend/resume cycle).
> >>
> >> Here are the logs taken on Exynos5422-based Odroid HC1 board (with USB3.0
> >> RTL8153 LAN and USB3.0 JMicron SATA-USB bridge):
> >>
> > Thanks for these patch. I have tested on linux-next-20190626
> >
> > *But hotpluging of usb device is not working on usb ports.*
>
> Well, this is a bit poor report. I've checked various USB 3.0 devices
> with my XU4 board and didn't observe any issue with hotplug or
> enumeration. Could you describe a bit more how to trigger the issue?
>
Sorry for the noise one of my usb 3.0 port on XU4 is not working somehow.
I will re-test these patches again on current next and share my result.
> > These patches fix the suspend/resume for XU4.
> > But their is two issue.
> > 1> On warm boot fails to reset the usb hub
> > --
> > [7.019896] usb 4-1.1: new SuperSpeed Gen 1 USB device number 3
> > using xhci-hcd
> > [7.063032] usb 4-1.1: New USB device found, idVendor=152d,
> > idProduct=0578, bcdDevice=63.01
> > [7.070484] usb 4-1.1: New USB device strings: Mfr=1, Product=2,
> > SerialNumber=3
> > [7.077438] usb 4-1.1: Product: JMS567
> > [7.081749] usb 4-1.1: Manufacturer: JMicron
> > [7.086028] usb 4-1.1: SerialNumber: DB12345678A3
> > [7.151572] scsi host0: uas
> > [7.162765] scsi 0:0:0:0: Direct-Access KINGSTON SA400S37120G
> >6301 PQ: 0 ANSI: 6
> > [7.176231] sd 0:0:0:0: [sda] 234441648 512-byte logical blocks:
> > (120 GB/112 GiB)
> > [7.177550] sd 0:0:0:0: Attached scsi generic sg0 type 0
> > [7.183547] sd 0:0:0:0: [sda] 4096-byte physical blocks
> > [7.201150] sd 0:0:0:0: [sda] Write Protect is off
> > [7.204977] sd 0:0:0:0: [sda] Disabling FUA
> > [7.209476] sd 0:0:0:0: [sda] Write cache: enabled, read cache:
> > enabled, doesn't support DPO or FUA
> > [7.219411] sd 0:0:0:0: [sda] Optimal transfer size 33553920 bytes
> > not a multiple of physical block size (4096 bytes)
> > [7.713603] sda: sda1
> > [7.736338] sd 0:0:0:0: [sda] Attached SCSI disk
> > [ 11.372630] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> > waiting for setup device command
> > [ 16.650624] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> > waiting for setup device command
> > [ 16.870255] usb 6-1: device not accepting address 2, error -62
> > [ 22.171093] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> > waiting for setup device command
> > [ 27.451021] xhci-hcd exynos5-dwc3-xhci.5.auto: Timeout while
> > waiting for setup device command
> > [ 27.669956] usb 6-1: device not accepting address 3, error -62
> > [ 27.711656] usb usb6-port1: attempt power cycle
> >
> > some how 1250.phy do not de-register when we perform reboot.
>
> Sorry, but this is not related to PHY at all. If I get your log right,
> you have external USB3->SATA bridge which fails to enumerate in your
> case. Does it work right with other boards or vendor kernels? You
> connect it to the XU4 onboard USB3.0 hub, which cannot be programmed or
> controlled in any way, so I doubt we can do anything to fix your issue.
>
Sorry this issue is related to realtek ethernet driver r-8153 failed
to register again
after reboot. It's a know issue for long time as far as I know,
I will double check this again.
>
> > [ 120.260813] shutdown[1]: All loop devices detached.
> > [ 120.308592] sd 0:0:0:0: [sda] Synchronizing SCSI cache
> > [ 120.425890] usb 4-1.1: reset SuperSpeed Gen 1 USB device number 3
> > using xhci-hcd
> > [ 120.500085] wake enabled for irq 155
> > [ 120.592335] re
