summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHongren Zheng <i@zenithal.me>2023-10-14 15:46:04 +0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2023-10-16 19:58:49 +0200
commit17d6b82d2d6d467149874b883cdba844844b996d (patch)
tree12531643a77e285056f0032f99cd54df8db9a603
parentd0d27ef87e1ca974ed93ed4f7d3c123cbd392ba6 (diff)
usb/usbip: fix wrong data added to platform device
.data of platform_device_info will be copied into .platform_data of struct device via platform_device_add_data. However, vhcis[i] contains a spinlock, is dynamically allocated and used by other code, so it is not meant to be copied. The workaround was to use void *vhci as an agent, but it was removed in the commit suggested below. This patch adds back the workaround and changes the way of using platform_data accordingly. Reported-by: syzbot+e0dbc33630a092ccf033@syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000029242706077f3145@google.com/ Reported-by: syzbot+6867a9777f4b8dc4e256@syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/0000000000007634c1060793197c@google.com/ Fixes: b8aaf639b403 ("usbip: Use platform_device_register_full()") Tested-by: syzbot+6867a9777f4b8dc4e256@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/0000000000007ac87d0607979b6b@google.com/ Signed-off-by: Hongren Zheng <i@zenithal.me> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: Shuah Khan <skhan@linuxfoundation.org> Link: https://lore.kernel.org/r/ZSpHPCaQ5DDA9Ysl@Sun Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/usb/usbip/vhci_hcd.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
index f845b91848b9..82650c11e451 100644
--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -1139,7 +1139,7 @@ static int hcd_name_to_id(const char *name)
static int vhci_setup(struct usb_hcd *hcd)
{
- struct vhci *vhci = dev_get_platdata(hcd->self.controller);
+ struct vhci *vhci = *((void **)dev_get_platdata(hcd->self.controller));
if (usb_hcd_is_primary_hcd(hcd)) {
vhci->vhci_hcd_hs = hcd_to_vhci_hcd(hcd);
@@ -1257,7 +1257,7 @@ static int vhci_get_frame_number(struct usb_hcd *hcd)
/* FIXME: suspend/resume */
static int vhci_bus_suspend(struct usb_hcd *hcd)
{
- struct vhci *vhci = dev_get_platdata(hcd->self.controller);
+ struct vhci *vhci = *((void **)dev_get_platdata(hcd->self.controller));
unsigned long flags;
dev_dbg(&hcd->self.root_hub->dev, "%s\n", __func__);
@@ -1271,7 +1271,7 @@ static int vhci_bus_suspend(struct usb_hcd *hcd)
static int vhci_bus_resume(struct usb_hcd *hcd)
{
- struct vhci *vhci = dev_get_platdata(hcd->self.controller);
+ struct vhci *vhci = *((void **)dev_get_platdata(hcd->self.controller));
int rc = 0;
unsigned long flags;
@@ -1338,7 +1338,7 @@ static const struct hc_driver vhci_hc_driver = {
static int vhci_hcd_probe(struct platform_device *pdev)
{
- struct vhci *vhci = dev_get_platdata(&pdev->dev);
+ struct vhci *vhci = *((void **)dev_get_platdata(&pdev->dev));
struct usb_hcd *hcd_hs;
struct usb_hcd *hcd_ss;
int ret;
@@ -1396,7 +1396,7 @@ put_usb2_hcd:
static void vhci_hcd_remove(struct platform_device *pdev)
{
- struct vhci *vhci = dev_get_platdata(&pdev->dev);
+ struct vhci *vhci = *((void **)dev_get_platdata(&pdev->dev));
/*
* Disconnects the root hub,
@@ -1431,7 +1431,7 @@ static int vhci_hcd_suspend(struct platform_device *pdev, pm_message_t state)
if (!hcd)
return 0;
- vhci = dev_get_platdata(hcd->self.controller);
+ vhci = *((void **)dev_get_platdata(hcd->self.controller));
spin_lock_irqsave(&vhci->lock, flags);
@@ -1522,10 +1522,11 @@ static int __init vhci_hcd_init(void)
goto err_driver_register;
for (i = 0; i < vhci_num_controllers; i++) {
+ void *vhci = &vhcis[i];
struct platform_device_info pdevinfo = {
.name = driver_name,
.id = i,
- .data = &vhcis[i],
+ .data = &vhci,
.size_data = sizeof(void *),
};