Re: Highly critical bug in XHCI Controller
From: Greg KH
Date: Sun Nov 17 2024 - 08:12:36 EST
On Sun, Nov 17, 2024 at 03:33:28PM +0800, Markus Rechberger wrote:
> Hi,
>
>
> the issue was first reported at vdr-portal.de
> https://www-vdr--portal-de.translate.goog/forum/index.php?thread/136541-empfehlung-dvb-s2-tuner-oder-satip/&postID=1376196&_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=de&_x_tr_pto=wapp#post1376196
>
> we've got around a highly critical bug in the xhci driver.
>
> https://sundtek.de/support/uxvd32.txt
>
> In xhci.c
>
> The bug is still active in Mainline:
> https://github.com/torvalds/linux/blob/master/drivers/usb/host/xhci.c#L2382
>
> static int xhci_check_bw_table(struct xhci_hcd *xhci,
> struct xhci_virt_device *virt_dev,
> int old_active_eps)
>
> bw_table can end up with a NULL pointer.
>
> This problem will lead to a complete kernel crash, rendering the entire
> system unusable without any access to the actual linux system.
>
> How to trigger the problem?
> Short D+/D- or pull them to ground on a USB device while connecting the
> device.
>
> The problem can happen due to following cases:
> * a device is getting suddenly disconnected during enumeration
> * a faulty cable
> * a faulty device
> * a malicious device triggers this issue on purpose
> * if there are electrical issues during connecting a device.
Bad hardware is always a problem, can you send a patch to resolve this
as you seem to be able to reproduce it?
thanks,
greg k-h