Message ID | 4D8C47D2.9010501@ozlabs.org (mailing list archive) |
---|---|
State | Not Applicable |
On Fri, Mar 25, 2011 at 06:44:18PM +1100, Matt Evans wrote: > During a "plug-unplug" stress test on an NEC xHCI card, a null pointer > dereference was observed. xhci_address_device() dereferenced a null > virt_dev (possibly an erroneous udev->slot_id?); this patch adds a WARN_ON & > message to aid debug if it can be recreated. Hmm, that's interesting. I haven't seen any null pointer dereferences during my tests, but perhaps I'm not being ADDH enough about randomly unplugging devices. :) Let me know if you trigger this again. Sarah Sharp > Signed-off-by: Matt Evans <matt@ozlabs.org> > --- > drivers/usb/host/xhci.c | 11 +++++++++++ > 1 files changed, 11 insertions(+), 0 deletions(-) > > diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c > index 88e6298..7d43456 100644 > --- a/drivers/usb/host/xhci.c > +++ b/drivers/usb/host/xhci.c > @@ -2542,6 +2542,17 @@ int xhci_address_device(struct usb_hcd *hcd, struct usb_device *udev) > > virt_dev = xhci->devs[udev->slot_id]; > > + if (WARN_ON(!virt_dev)) { > + /* > + * In plug/unplug torture test with an NEC controller, > + * a zero-dereference was observed once due to virt_dev = 0. > + * Print useful debug rather than crash if it is observed again! > + */ > + xhci_warn(xhci, "Virt dev invalid for slot_id 0x%x!\n", > + udev->slot_id); > + return -EINVAL; > + } > + > slot_ctx = xhci_get_slot_ctx(xhci, virt_dev->in_ctx); > /* > * If this is the first Set Address since device plug-in or > -- > 1.7.0.4 >
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 88e6298..7d43456 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -2542,6 +2542,17 @@ int xhci_address_device(struct usb_hcd *hcd, struct usb_device *udev) virt_dev = xhci->devs[udev->slot_id]; + if (WARN_ON(!virt_dev)) { + /* + * In plug/unplug torture test with an NEC controller, + * a zero-dereference was observed once due to virt_dev = 0. + * Print useful debug rather than crash if it is observed again! + */ + xhci_warn(xhci, "Virt dev invalid for slot_id 0x%x!\n", + udev->slot_id); + return -EINVAL; + } + slot_ctx = xhci_get_slot_ctx(xhci, virt_dev->in_ctx); /* * If this is the first Set Address since device plug-in or
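Review bot: The added `if (WARN_ON(!virt_dev))` check runs only after `virt_dev = xhci->devs[udev->slot_id];` has already indexed the array, so it catches an empty slot entry but not the case the commit message itself suspects, an erroneous `udev->slot_id`. If the slot id is the real culprit, the lookup above the new block can still read a wrong or out-of-range entry that happens to be non-null, and the function would continue into `xhci_get_slot_ctx(xhci, virt_dev->in_ctx)` with it. Consider validating `udev->slot_id` before the array access, in addition to the null test. A smaller point: the in-code comment records a one-off test observation ("was observed once"), which belongs in the commit message; the comment would age better if it only said what state the check guards against.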
During a "plug-unplug" stress test on an NEC xHCI card, a null pointer dereference was observed. xhci_address_device() dereferenced a null virt_dev (possibly an erroneous udev->slot_id?); this patch adds a WARN_ON & message to aid debug if it can be recreated. Signed-off-by: Matt Evans <matt@ozlabs.org> --- drivers/usb/host/xhci.c | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-)