From: Mathias Nyman <mathias.nyman@linux.intel.com>
To: <gregkh@linuxfoundation.org>
Cc: <linux-usb@vger.kernel.org>,
Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 2/4] xhci: check control context is valid before dereferencing it.
Date: Tue, 6 Apr 2021 10:02:06 +0300 [thread overview]
Message-ID: <20210406070208.3406266-3-mathias.nyman@linux.intel.com> (raw)
In-Reply-To: <20210406070208.3406266-1-mathias.nyman@linux.intel.com>
Don't dereference ctrl_ctx before checking it's valid.
Issue reported by Klockwork
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
---
drivers/usb/host/xhci.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 5d9fc3cd07a5..f9614716ecd7 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3261,6 +3261,14 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd,
/* config ep command clears toggle if add and drop ep flags are set */
ctrl_ctx = xhci_get_input_control_ctx(cfg_cmd->in_ctx);
+ if (!ctrl_ctx) {
+ spin_unlock_irqrestore(&xhci->lock, flags);
+ xhci_free_command(xhci, cfg_cmd);
+ xhci_warn(xhci, "%s: Could not get input context, bad type.\n",
+ __func__);
+ goto cleanup;
+ }
+
xhci_setup_input_ctx_for_config_ep(xhci, cfg_cmd->in_ctx, vdev->out_ctx,
ctrl_ctx, ep_flag, ep_flag);
xhci_endpoint_copy(xhci, cfg_cmd->in_ctx, vdev->out_ctx, ep_index);
--
2.25.1
next prev parent reply other threads:[~2021-04-06 7:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-06 7:02 [PATCH 0/4] xhci features for usb-next Mathias Nyman
2021-04-06 7:02 ` [PATCH 1/4] xhci: check port array allocation was successful before dereferencing it Mathias Nyman
2021-04-06 7:02 ` Mathias Nyman [this message]
2021-04-06 7:02 ` [PATCH 3/4] xhci: fix potential array out of bounds with several interrupters Mathias Nyman
2021-04-06 7:02 ` [PATCH 4/4] xhci: prevent double-fetch of transfer and transfer event TRBs Mathias Nyman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210406070208.3406266-3-mathias.nyman@linux.intel.com \
--to=mathias.nyman@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-usb@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.