From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932250AbdCINiF (ORCPT <rfc822;w@1wt.eu>);
        Thu, 9 Mar 2017 08:38:05 -0500
Received: from mga05.intel.com ([192.55.52.43]:41706 "EHLO mga05.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1754695AbdCINiD (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 9 Mar 2017 08:38:03 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.36,268,1486454400"; 
   d="scan'208";a="1106613545"
Subject: Re: [PATCH] usb: hub: Fix crash after failure to read BOS descriptor
To: Guenter Roeck <linux@roeck-us.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
References: <1488997176-1732-1-git-send-email-linux@roeck-us.net>
Cc: Douglas Anderson <dianders@chromium.org>,
        Brian Norris <briannorris@chromium.org>, linux-usb@vger.kernel.org,
        linux-kernel@vger.kernel.org
From: Mathias Nyman <mathias.nyman@linux.intel.com>
Message-ID: <58C15976.4070805@linux.intel.com>
Date: Thu, 9 Mar 2017 15:32:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <1488997176-1732-1-git-send-email-linux@roeck-us.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 08.03.2017 20:19, Guenter Roeck wrote:
> If usb_get_bos_descriptor() returns an error, usb->bos will be NULL.
> Nevertheless, it is dereferenced unconditionally in
> hub_set_initial_usb2_lpm_policy() if usb2_hw_lpm_capable is set.
> This results in a crash.
>
> usb 5-1: unable to get BOS descriptor
> ...
> Unable to handle kernel NULL pointer dereference at virtual address 00000008
> pgd = ffffffc00165f000
> [00000008] *pgd=000000000174f003, *pud=000000000174f003,
> 		*pmd=0000000001750003, *pte=00e8000001751713
> Internal error: Oops: 96000005 [#1] PREEMPT SMP
> Modules linked in: uinput uvcvideo videobuf2_vmalloc cmac [ ... ]
> CPU: 5 PID: 3353 Comm: kworker/5:3 Tainted: G    B 4.4.52 #480
> Hardware name: Google Kevin (DT)
> Workqueue: events driver_set_config_work
> task: ffffffc0c3690000 ti: ffffffc0ae9a8000 task.ti: ffffffc0ae9a8000
> PC is at hub_port_init+0xc3c/0xd10
> LR is at hub_port_init+0xc3c/0xd10
> ...
> Call trace:
> [<ffffffc0007fbbfc>] hub_port_init+0xc3c/0xd10
> [<ffffffc0007fbe2c>] usb_reset_and_verify_device+0x15c/0x82c
> [<ffffffc0007fc5e0>] usb_reset_device+0xe4/0x298
> [<ffffffbffc0e3fcc>] rtl8152_probe+0x84/0x9b0 [r8152]
> [<ffffffc00080ca8c>] usb_probe_interface+0x244/0x2f8
> [<ffffffc000774a24>] driver_probe_device+0x180/0x3b4
> [<ffffffc000774e48>] __device_attach_driver+0xb4/0xe0
> [<ffffffc000772168>] bus_for_each_drv+0xb4/0xe4
> [<ffffffc0007747ec>] __device_attach+0xd0/0x158
> [<ffffffc000775080>] device_initial_probe+0x24/0x30
> [<ffffffc0007739d4>] bus_probe_device+0x50/0xe4
> [<ffffffc000770bd0>] device_add+0x414/0x738
> [<ffffffc000809fe8>] usb_set_configuration+0x89c/0x914
> [<ffffffc00080a120>] driver_set_config_work+0xc0/0xf0
> [<ffffffc000249bb8>] process_one_work+0x390/0x6b8
> [<ffffffc00024abcc>] worker_thread+0x480/0x610
> [<ffffffc000251a80>] kthread+0x164/0x178
> [<ffffffc0002045d0>] ret_from_fork+0x10/0x40
>
> Since we don't know anything about LPM capabilities without BOS descriptor,
> don't attempt to enable LPM if it is not available.
>
> Fixes: 890dae886721 ("xhci: Enable LPM support only for hardwired ...")
> Cc: Mathias Nyman <mathias.nyman@linux.intel.com>
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
> ---

Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>