Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/usb/dwc3
History
Frode Isaksen 63ccd26cd1 usb: dwc3: gadget: check that event count does not exceed event buffer length 
The event count is read from register DWC3_GEVNTCOUNT.
There is a check for the count being zero, but not for exceeding the
event buffer length.
Check that event count does not exceed event buffer length,
avoiding an out-of-bounds access when memcpy'ing the event.
Crash log:
Unable to handle kernel paging request at virtual address ffffffc0129be000
pc : __memcpy+0x114/0x180
lr : dwc3_check_event_buf+0xec/0x348
x3 : 0000000000000030 x2 : 000000000000dfc4
x1 : ffffffc0129be000 x0 : ffffff87aad60080
Call trace:
__memcpy+0x114/0x180
dwc3_interrupt+0x24/0x34

Signed-off-by: Frode Isaksen <frode@meta.com>
Fixes: 72246da40f ("usb: Introduce DesignWare USB3 DRD Driver")
Cc: stable <stable@kernel.org>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20250403072907.448524-1-fisaksen@baylibre.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2025-04-11 16:26:20 +02:00
..
Kconfig usb: use "prompt" instead of "bool" for choice prompts 2024-11-04 17:53:09 +09:00
Makefile
core.c usb: dwc3: Set SUSPENDENABLE soon after phy init 2025-03-04 06:26:58 +01:00
core.h usb: dwc3: Set SUSPENDENABLE soon after phy init 2025-03-04 06:26:58 +01:00
debug.h
debugfs.c
drd.c usb: dwc3: Set SUSPENDENABLE soon after phy init 2025-03-04 06:26:58 +01:00
dwc3-am62.c USB: dwc3: Use syscon_regmap_lookup_by_phandle_args 2025-02-14 09:29:32 +01:00
dwc3-exynos.c usb: dwc3: exynos: add support for exynos7870 2025-03-03 10:25:11 +01:00
dwc3-haps.c
dwc3-imx8mp.c usb: dwc3: imx8mp: fix software node kernel dump 2024-12-04 16:26:30 +01:00
dwc3-keystone.c
dwc3-meson-g12a.c
dwc3-octeon.c
dwc3-of-simple.c
dwc3-omap.c usb: dwc3: omap: Fix devm_regulator_get_optional() error handling 2025-01-11 17:02:30 +01:00
dwc3-pci.c usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield 2025-02-14 09:29:20 +01:00
dwc3-qcom.c usb: Use (of|device)_property_present() for non-boolean properties 2024-11-05 13:29:26 +01:00
dwc3-rtk.c
dwc3-st.c usb: dwc3: Don't use %pK through printk 2025-03-14 09:17:30 +01:00
dwc3-xilinx.c usb: dwc3: xilinx: Prevent spike in reset signal 2025-04-11 16:21:03 +02:00
ep0.c usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED 2024-11-16 09:04:56 +01:00
gadget.c usb: dwc3: gadget: check that event count does not exceed event buffer length 2025-04-11 16:26:20 +02:00
gadget.h
host.c
io.h
trace.c
trace.h
ulpi.c