releases/4.14.44/usb-ohci-fix-null-dereference-in-hcds-using-hcd_local_mem.patch

   1 From foo@baz Thu May 24 11:09:34 CEST 2018
   2 From: Fredrik Noring <noring@nocrew.org>
   3 Date: Fri, 9 Mar 2018 18:34:34 +0100
   4 Subject: USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
   5
   6 From: Fredrik Noring <noring@nocrew.org>
   7
   8 [ Upstream commit d6c931ea32dc08ac2665bb5f009f9c40ad1bbdb3 ]
   9
  10 Scatter-gather needs to be disabled when using dma_declare_coherent_memory
  11 and HCD_LOCAL_MEM. Andrea Righi made the equivalent fix for EHCI drivers
  12 in commit 4307a28eb01284 "USB: EHCI: fix NULL pointer dererence in HCDs
  13 that use HCD_LOCAL_MEM".
  14
  15 The following NULL pointer WARN_ON_ONCE triggered with OHCI drivers:
  16
  17 ------------[ cut here ]------------
  18 WARNING: CPU: 0 PID: 49 at drivers/usb/core/hcd.c:1379 hcd_alloc_coherent+0x4c/0xc8
  19 Modules linked in:
  20 CPU: 0 PID: 49 Comm: usb-storage Not tainted 4.15.0+ #1014
  21 Stack : 00000000 00000000 805a78d2 0000003a 81f5c2cc 8053d367 804d77fc 00000031
  22         805a3a08 00000563 81ee9400 805a0000 00000000 10058c00 81f61b10 805c0000
  23         00000000 00000000 805a0000 00d9038e 00000004 803ee818 00000006 312e3420
  24         805c0000 00000000 00000073 81f61958 00000000 00000000 802eb380 804fd538
  25         00000009 00000563 81ee9400 805a0000 00000002 80056148 00000000 805a0000
  26         ...
  27 Call Trace:
  28 [<578af360>] show_stack+0x74/0x104
  29 [<2f3702c6>] __warn+0x118/0x120
  30 [<ae93fc9e>] warn_slowpath_null+0x44/0x58
  31 [<a891a517>] hcd_alloc_coherent+0x4c/0xc8
  32 [<3578fa36>] usb_hcd_map_urb_for_dma+0x4d8/0x534
  33 [<110bc94c>] usb_hcd_submit_urb+0x82c/0x834
  34 [<02eb5baf>] usb_sg_wait+0x14c/0x1a0
  35 [<ccd09e85>] usb_stor_bulk_transfer_sglist.part.1+0xac/0x124
  36 [<87a5c34c>] usb_stor_bulk_srb+0x40/0x60
  37 [<ff1792ac>] usb_stor_Bulk_transport+0x160/0x37c
  38 [<b9e2709c>] usb_stor_invoke_transport+0x3c/0x500
  39 [<004754f4>] usb_stor_control_thread+0x258/0x28c
  40 [<22edf42e>] kthread+0x134/0x13c
  41 [<a419ffd0>] ret_from_kernel_thread+0x14/0x1c
  42 ---[ end trace bcdb825805eefdcc ]---
  43
  44 Signed-off-by: Fredrik Noring <noring@nocrew.org>
  45 Acked-by: Alan Stern <stern@rowland.harvard.edu>
  46 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
  47 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  48 ---
  49  drivers/usb/host/ohci-hcd.c |    3 ++-
  50  1 file changed, 2 insertions(+), 1 deletion(-)
  51
  52 --- a/drivers/usb/host/ohci-hcd.c
  53 +++ b/drivers/usb/host/ohci-hcd.c
  54 @@ -446,7 +446,8 @@ static int ohci_init (struct ohci_hcd *o
  55         struct usb_hcd *hcd = ohci_to_hcd(ohci);
  56
  57         /* Accept arbitrarily long scatter-gather lists */
  58 -       hcd->self.sg_tablesize = ~0;
  59 +       if (!(hcd->driver->flags & HCD_LOCAL_MEM))
  60 +               hcd->self.sg_tablesize = ~0;
  61
  62         if (distrust_firmware)
  63                 ohci->flags |= OHCI_QUIRK_HUB_POWER;