mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 05:24:39 +01:00
321b59870f
The UDC is not a suitable parent of the net device as the UDC can change or vanish during the lifecycle of the ethernet gadget. This can be illustrated with the following: mkdir -p /sys/kernel/config/usb_gadget/mygadget cd /sys/kernel/config/usb_gadget/mygadget mkdir -p configs/c.1/strings/0x409 echo "C1:Composite Device" > configs/c.1/strings/0x409/configuration mkdir -p functions/ecm.usb0 ln -s functions/ecm.usb0 configs/c.1/ echo "dummy_udc.0" > UDC rmmod dummy_hcd The 'rmmod' removes the UDC from the just created gadget, leaving the still existing net device with a no longer existing parent. Accessing the ethernet device with commands like: ip --details link show usb0 will result in a KASAN splat: ================================================================== BUG: KASAN: use-after-free in if_nlmsg_size+0x3e8/0x528 Read of size 4 at addr c5c84754 by task ip/357 CPU: 3 PID: 357 Comm: ip Not tainted 6.1.0-rc3-00013-gd14953726b24-dirty #324 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x58/0x70 dump_stack_lvl from print_report+0x134/0x4d4 print_report from kasan_report+0x78/0x10c kasan_report from if_nlmsg_size+0x3e8/0x528 if_nlmsg_size from rtnl_getlink+0x2b4/0x4d0 rtnl_getlink from rtnetlink_rcv_msg+0x1f4/0x674 rtnetlink_rcv_msg from netlink_rcv_skb+0xb4/0x1f8 netlink_rcv_skb from netlink_unicast+0x294/0x478 netlink_unicast from netlink_sendmsg+0x328/0x640 netlink_sendmsg from ____sys_sendmsg+0x2a4/0x3b4 ____sys_sendmsg from ___sys_sendmsg+0xc8/0x12c ___sys_sendmsg from sys_sendmsg+0xa0/0x120 sys_sendmsg from ret_fast_syscall+0x0/0x1c Solve this by not setting the parent of the ethernet device. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Link: https://lore.kernel.org/r/20221104131031.850850-2-s.hauer@pengutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| f_acm.c | ||
| f_ecm.c | ||
| f_eem.c | ||
| f_fs.c | ||
| f_hid.c | ||
| f_loopback.c | ||
| f_mass_storage.c | ||
| f_mass_storage.h | ||
| f_midi.c | ||
| f_ncm.c | ||
| f_obex.c | ||
| f_phonet.c | ||
| f_printer.c | ||
| f_rndis.c | ||
| f_serial.c | ||
| f_sourcesink.c | ||
| f_subset.c | ||
| f_tcm.c | ||
| f_uac1.c | ||
| f_uac1_legacy.c | ||
| f_uac2.c | ||
| f_uvc.c | ||
| f_uvc.h | ||
| g_zero.h | ||
| Makefile | ||
| ndis.h | ||
| rndis.c | ||
| rndis.h | ||
| storage_common.c | ||
| storage_common.h | ||
| tcm.h | ||
| u_audio.c | ||
| u_audio.h | ||
| u_ecm.h | ||
| u_eem.h | ||
| u_ether.c | ||
| u_ether.h | ||
| u_ether_configfs.h | ||
| u_fs.h | ||
| u_gether.h | ||
| u_hid.h | ||
| u_midi.h | ||
| u_ncm.h | ||
| u_phonet.h | ||
| u_printer.h | ||
| u_rndis.h | ||
| u_serial.c | ||
| u_serial.h | ||
| u_tcm.h | ||
| u_uac1.h | ||
| u_uac1_legacy.c | ||
| u_uac1_legacy.h | ||
| u_uac2.h | ||
| u_uvc.h | ||
| uac_common.h | ||
| uvc.h | ||
| uvc_configfs.c | ||
| uvc_configfs.h | ||
| uvc_queue.c | ||
| uvc_queue.h | ||
| uvc_v4l2.c | ||
| uvc_v4l2.h | ||
| uvc_video.c | ||
| uvc_video.h | ||