| From 59cfc79da8b121dc2832442fd9936d8a24cd7ba5 Mon Sep 17 00:00:00 2001 |
| From: Douglas Anderson <dianders@chromium.org> |
| Date: Mon, 11 Dec 2023 07:32:41 -0800 |
| Subject: [PATCH] FROMGIT: usb: core: Fix crash w/ usb_choose_configuration() |
| if no driver |
| |
| It's possible that usb_choose_configuration() can get called when a |
| USB device has no driver. In this case the recent commit a87b8e3be926 |
| ("usb: core: Allow subclassed USB drivers to override |
| usb_choose_configuration()") can cause a crash since it dereferenced |
| the driver structure without checking for NULL. Let's add a check. |
| |
| A USB device with no driver is an anomaly, so make |
| usb_choose_configuration() return immediately if there is no driver. |
| |
| This was seen in the real world when usbguard got ahold of a r8152 |
| device at the wrong time. It can also be simulated via this on a |
| computer with one r8152-based USB Ethernet adapter: |
| cd /sys/bus/usb/drivers/r8152-cfgselector |
| to_unbind="$(ls -d *-*)" |
| real_dir="$(readlink -f "${to_unbind}")" |
| echo "${to_unbind}" > unbind |
| cd "${real_dir}" |
| echo 0 > authorized |
| echo 1 > authorized |
| |
| Fixes: a87b8e3be926 ("usb: core: Allow subclassed USB drivers to override usb_choose_configuration()") |
| Reviewed-by: Alan Stern <stern@rowland.harvard.edu> |
| Signed-off-by: Douglas Anderson <dianders@chromium.org> |
| Link: https://lore.kernel.org/r/20231211073237.v3.1.If27eb3bf7812f91ab83810f232292f032f4203e0@changeid |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| (cherry picked from commit 44995e6f07028f798efd0c3c11a1efc78330f600 |
| git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-next) |
| |
| BUG=b:315368713, b:315793355 |
| TEST=Run commands in commit text; test w/ CL5105588 |
| |
| Change-Id: If27eb3bf7812f91ab83810f232292f032f4203e0 |
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5111222 |
| Tested-by: Douglas Anderson <dianders@chromium.org> |
| Reviewed-by: Grant Grundler <grundler@chromium.org> |
| Reviewed-by: Sean Paul <sean@poorly.run> |
| Commit-Queue: Douglas Anderson <dianders@chromium.org> |
| (cherry picked from commit b280d3d89180700dc647209482df2fbe62174198) |
| Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5132552 |
| Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> |
| --- |
| drivers/usb/core/generic.c | 11 ++++++++++- |
| 1 file changed, 10 insertions(+), 1 deletion(-) |
| |
| diff --git a/drivers/usb/core/generic.c b/drivers/usb/core/generic.c |
| index dcb897158228453fc6fa96118a8d552a82471026..b134bff5c3fe3e86215bdcd14a2591a521f5ba3c 100644 |
| --- a/drivers/usb/core/generic.c |
| +++ b/drivers/usb/core/generic.c |
| @@ -59,7 +59,16 @@ int usb_choose_configuration(struct usb_device *udev) |
| int num_configs; |
| int insufficient_power = 0; |
| struct usb_host_config *c, *best; |
| - struct usb_device_driver *udriver = to_usb_device_driver(udev->dev.driver); |
| + struct usb_device_driver *udriver; |
| + |
| + /* |
| + * If a USB device (not an interface) doesn't have a driver then the |
| + * kernel has no business trying to select or install a configuration |
| + * for it. |
| + */ |
| + if (!udev->dev.driver) |
| + return -1; |
| + udriver = to_usb_device_driver(udev->dev.driver); |
| |
| if (usb_device_is_owned(udev)) |
| return 0; |
| -- |
| 2.43.0.195.gebba966016-goog |
| |
