Re: [PATCH] usb: gadget: configfs: Fix KASAN use-after-free

From: Felipe Balbi
Date: Tue Jan 17 2017 - 04:32:51 EST

Next message: Chris Zhong: "Re: [05/26] drm/rockchip: dw-mipi-dsi: fix command header writes"
Previous message: David Engraf: "Re: [PATCH] tcb_clksrc: Use 32 bit tcb as sched_clock"
In reply to: Greg KH: "Re: [PATCH] usb: gadget: configfs: Fix KASAN use-after-free"
Next in thread: Jim Lin: "Re: [PATCH] usb: gadget: configfs: Fix KASAN use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Greg KH <greg@xxxxxxxxx> writes:
> On Tue, Jan 17, 2017 at 10:07:40AM +0200, Felipe Balbi wrote:
>>
>> Hi,
>>
>> Jim Lin <jilin@xxxxxxxxxx> writes:
>> > When gadget is disconnected, running sequence is like this.
>> > . android_work: sent uevent USB_STATE=DISCONNECTED
>>
>> I'm gonna have to ask you to try with actual mainline where there are no
>> Android changes.
>
> What is android changing these days in the gadget stack that is not
> already upstream?

quite a bit, actually. They have their own android_setup() and an
android_worker thread for notifications. These notifications actually
duplicate (poorly) what we already have for usb_gadget_set_state(). They
also completely ditch composite_setup() to reimplement it with their own
additions. There's also an android class added to
configfs. Android-specific uevents. Android-specific ->disconnect()
implementation, overwriting what we have on composite.c. I just took a
diff from v4.4.10 to current Android head which we're using for some
other project

drivers/usb/gadget/Kconfig | 50 +++++
drivers/usb/gadget/composite.c | 6 +
drivers/usb/gadget/configfs.c | 264 +++++++++++++++++++++++-
drivers/usb/gadget/function/Makefile | 8 +
drivers/usb/gadget/function/f_accessory.c | 1335 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
drivers/usb/gadget/function/f_audio_source.c | 1060 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
drivers/usb/gadget/function/f_fs.c | 11 +-
drivers/usb/gadget/function/f_midi.c | 66 ++++++
drivers/usb/gadget/function/f_mtp.c | 1533 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
drivers/usb/gadget/function/f_mtp.h | 18 ++
drivers/usb/gadget/function/f_ptp.c | 38 ++++
drivers/usb/gadget/function/f_rndis.c | 30 +++
drivers/usb/gadget/function/rndis.c | 112 ++++++++--
drivers/usb/gadget/function/rndis.h | 2 +
drivers/usb/gadget/function/u_ether.c | 305 ++++++++++++++++++++++------
drivers/usb/gadget/function/u_ether.h | 3 +
drivers/usb/gadget/functions.c | 2 +-
17 files changed, 4757 insertions(+), 86 deletions(-)

rather extensive.

--
balbi

Attachment: signature.asc
Description: PGP signature

Next message: Chris Zhong: "Re: [05/26] drm/rockchip: dw-mipi-dsi: fix command header writes"
Previous message: David Engraf: "Re: [PATCH] tcb_clksrc: Use 32 bit tcb as sched_clock"
In reply to: Greg KH: "Re: [PATCH] usb: gadget: configfs: Fix KASAN use-after-free"
Next in thread: Jim Lin: "Re: [PATCH] usb: gadget: configfs: Fix KASAN use-after-free"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]