Bug 5987 - [ANCK 5.10]usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
Status: RESOLVED FIXED
Alias: None
Product: ANCK 5.10 Dev
Classification: ANCK
Component: drivers
Version: unspecified
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: GuixinLiu
QA Contact: shuming
Reported: 2023-07-26 11:28 UTC by zhujun
Modified: 2023-08-16 15:53 UTC
Description zhujun cmss_group 2023-07-26 11:28:49 UTC
kernel-5.10 software logic bug
The Qualcomm dwc3 runtime-PM implementation checks the xhci
platform-device pointer in the wakeup-interrupt handler to determine
whether the controller is in host mode and if so triggers a resume.
    
After a role switch in OTG mode the xhci platform-device would have been
freed and the next wakeup from runtime suspend would access the freed
memory.
    
Note that role switching is executed from a freezable workqueue, which
guarantees that the pointer is stable during suspend.
    
Also note that runtime PM has been broken since commit 2664deb09306
("usb: dwc3: qcom: Honor wakeup enabled/disabled state"), which
incidentally also prevents this issue from being triggered.



Additional info:

The community already has a patch that fixes this:
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup

commit 451fa90150f2f7b5376919f17f88bf9c0deff2ee

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=451fa90150f2f7b5376919f17f88bf9c0deff2ee

git cherry-pick -s 451fa90150f (with stable-v5.10.142 repo added)
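
A userspace C model of the lifetime bug described above, added here as an illustration and not taken from the dwc3-qcom driver or the upstream patch. All struct and function names are hypothetical, and clearing the pointer at teardown is an assumed remedy, since the page does not show the patch body.

```c
/* Userspace model (added example); every name here is a hypothetical stand-in. */
#include <stdbool.h>
#include <stdio.h>

struct xhci_pdev {          /* stands in for the xhci platform device */
    bool alive;             /* false once "freed"; lets the model detect stale use */
    int resume_calls;
};

struct dwc3_model { struct xhci_pdev *xhci; };  /* non-NULL doubles as "host mode" */

enum wake_result { WAKE_IGNORED, WAKE_RESUMED_HOST, WAKE_USE_AFTER_FREE };

/* Role switch out of host mode: the child device is released.
 * clear_ptr == false leaves the parent's pointer dangling (the reported bug). */
static void host_exit(struct dwc3_model *dwc, bool clear_ptr)
{
    dwc->xhci->alive = false;       /* models the device being freed */
    if (clear_ptr)
        dwc->xhci = NULL;           /* assumed remedy: drop the stale pointer */
}

/* Wakeup-interrupt handler: the pointer check decides whether to resume the host. */
static enum wake_result wakeup_irq(struct dwc3_model *dwc)
{
    if (!dwc->xhci)
        return WAKE_IGNORED;        /* device mode: nothing to resume */
    if (!dwc->xhci->alive)
        return WAKE_USE_AFTER_FREE; /* a real handler would touch freed memory here */
    dwc->xhci->resume_calls++;
    return WAKE_RESUMED_HOST;
}

/* Scenario from the report: optional role switch, then a wakeup from runtime suspend. */
enum wake_result run_scenario(bool role_switch, bool clear_ptr)
{
    struct xhci_pdev slot = { .alive = true, .resume_calls = 0 };
    struct dwc3_model dwc = { .xhci = &slot };

    if (role_switch)
        host_exit(&dwc, clear_ptr);
    return wakeup_irq(&dwc);
}

int main(void)
{
    printf("%d %d %d\n", (int)run_scenario(false, false),
           (int)run_scenario(true, false), (int)run_scenario(true, true));
    return 0;
}
```

The `alive` flag exists only so the model can report the stale access safely; kernel code has no such marker, which is why the dangling pointer passes the non-NULL check.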
Comment 1 小龙 admin 2023-07-26 14:38:14 UTC
The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1954
Comment 2 GuixinLiu alibaba_cloud_group 2023-08-16 15:53:36 UTC
already fixed