* Kernel null dereference race condition fix.
From: John Boero @ 2020-11-12 11:00 UTC (permalink / raw)
  To: linux-usb

Hi, for months Linux users have been reporting random USB crashes with
certain webcams.  It happens randomly and mostly with Logitech webcams
(which claim no Linux support).  I'm pretty sure I've tracked it down
to a simple pointer check before dereference but it completely crashes
USB subsystems until reboot and is really frustrating.

PR and explanation can be found here.  Please have a look.  It won't
fix any race condition but at least it won't Oops the kernel.
https://github.com/torvalds/linux/commit/a40519014549f60969c8e67a2fd91426db05fe04

Thank you!
John Boero


* Re: Kernel null dereference race condition fix.
From: Alan Stern @ 2020-11-12 16:12 UTC (permalink / raw)
  To: John Boero; +Cc: linux-usb

On Thu, Nov 12, 2020 at 11:00:16AM +0000, John Boero wrote:
> Hi, for months Linux users have been reporting random USB crashes with
> certain webcams.  It happens randomly and mostly with Logitech webcams
> (which claim no Linux support).  I'm pretty sure I've tracked it down
> to a simple pointer check before dereference but it completely crashes
> USB subsystems until reboot and is really frustrating.
> 
> PR and explanation can be found here.  Please have a look.  It won't
> fix any race condition but at least it won't Oops the kernel.
> https://github.com/torvalds/linux/commit/a40519014549f60969c8e67a2fd91426db05fe04

Are you saying that some webcam driver is calling usb_ifnum_to_if() with 
dev set to NULL?  If it is, that's a bug in the webcam driver.  It needs 
to be fixed by patching the driver, not by patching usbcore.

Can you test this by replacing your patch with the following code in 
usb_ifnum_to_if()?

	if (!dev) {
		WARN(1, "dev is NULL in usb_ifnum_to_if\n");
		/* usb_ifnum_to_if() returns a struct usb_interface pointer */
		return NULL;
	}

Alan Stern
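
The distinction drawn in the reply above, as an added user-space example that is not part of the thread and not kernel code: a guard inside the lookup only reports a NULL caller, while the actual fix is the caller validating its own device pointer. The struct layouts are simplified stand-ins and the `model_*` names and `warn_count` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumed for this model). */
struct usb_interface { unsigned char bInterfaceNumber; };
struct usb_host_config { int bNumInterfaces; struct usb_interface *interface[4]; };
struct usb_device { struct usb_host_config *actconfig; };

static int warn_count;	/* stands in for the backtraces WARN() would log */

/* Model of the lookup carrying the diagnostic guard suggested in the reply. */
struct usb_interface *model_ifnum_to_if(const struct usb_device *dev, unsigned ifnum)
{
	if (!dev) {
		warn_count++;	/* diagnostic only: identifies the buggy caller */
		fprintf(stderr, "WARN: dev is NULL in usb_ifnum_to_if\n");
		return NULL;	/* pointer-returning function, so return NULL */
	}
	if (!dev->actconfig)
		return NULL;	/* unconfigured device: no interfaces to search */
	for (int i = 0; i < dev->actconfig->bNumInterfaces; i++)
		if (dev->actconfig->interface[i]->bInterfaceNumber == ifnum)
			return dev->actconfig->interface[i];
	return NULL;
}

/* Hypothetical driver-side caller: checks its own pointer before the lookup. */
int model_driver_select(const struct usb_device *dev, unsigned ifnum)
{
	struct usb_interface *intf;

	if (!dev)
		return -ENODEV;	/* handled in the driver, guard never fires */
	intf = model_ifnum_to_if(dev, ifnum);
	return intf ? intf->bInterfaceNumber : -EINVAL;
}

int main(void)
{
	struct usb_interface video = { 1 }, audio = { 3 };	/* constructed sample */
	struct usb_host_config cfg = { 2, { &video, &audio } };
	struct usb_device cam = { &cfg };

	printf("valid lookup: %d\n", model_driver_select(&cam, 3));
	printf("device gone:  %d\n", model_driver_select(NULL, 3));
	printf("buggy caller: %p, warnings=%d\n",
	       (void *)model_ifnum_to_if(NULL, 3), warn_count);
	return 0;
}
```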
