[ 3.5.y.z extended stable ] Patch "xhci: fix null pointer dereference on" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Mon Jul 29 15:34:30 UTC 2013 

This is a note to let you know that I have just added a patch titled

    xhci: fix null pointer dereference on

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From 1af5c291685171f32ac8a33c1bd8173cf160790b Mon Sep 17 00:00:00 2001
From: Oleksij Rempel <linux at rempel-privat.de>
Date: Sun, 21 Jul 2013 15:36:19 +0200
Subject: [PATCH] xhci: fix null pointer dereference on
 ring_doorbell_for_active_rings

commit d66eaf9f89502971fddcb0de550b01fa6f409d83 upstream.

in some cases where device is attched to xhci port and do not responding,
for example ath9k_htc with stalled firmware, kernel will
crash on ring_doorbell_for_active_rings.
This patch check if pointer exist before it is used.

This patch should be backported to kernels as old as 2.6.35, that
contain the commit e9df17eb1408cfafa3d1844bfc7f22c7237b31b8 "USB: xhci:
Correct assumptions about number of rings per endpoint"

Signed-off-by: Oleksij Rempel <linux at rempel-privat.de>
Signed-off-by: Sarah Sharp <sarah.a.sharp at linux.intel.com>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 drivers/usb/host/xhci-ring.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 8d0b1e8..37cecce 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -434,7 +434,7 @@ static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,

 	/* A ring has pending URBs if its TD list is not empty */
 	if (!(ep->ep_state & EP_HAS_STREAMS)) {
-		if (!(list_empty(&ep->ring->td_list)))
+		if (ep->ring && !(list_empty(&ep->ring->td_list)))
 			xhci_ring_ep_doorbell(xhci, slot_id, ep_index, 0);
 		return;
 	}
--
1.8.1.2

More information about the kernel-team mailing list