From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Krzysztof Mazur <krzysiek@podlesie.net>,
Alan Stern <stern@rowland.harvard.edu>
Subject: [PATCH 3.11 23/25] usb: fail on usb_hub_create_port_device() errors
Date: Mon, 18 Nov 2013 10:40:52 -0800 [thread overview]
Message-ID: <20131118184039.408334088@linuxfoundation.org> (raw)
In-Reply-To: <20131118184032.248465920@linuxfoundation.org>
3.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Mazur <krzysiek@podlesie.net>
commit e58547eb9561a8a72d46e2d411090a614d33ac0e upstream.
Ignoring usb_hub_create_port_device() errors cause later NULL pointer
deference when uninitialized hub->ports[i] entries are dereferenced
after port memory allocation error.
Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1557,10 +1557,15 @@ static int hub_configure(struct usb_hub
if (hub->has_indicators && blinkenlights)
hub->indicator [0] = INDICATOR_CYCLE;
- for (i = 0; i < hdev->maxchild; i++)
- if (usb_hub_create_port_device(hub, i + 1) < 0)
+ for (i = 0; i < hdev->maxchild; i++) {
+ ret = usb_hub_create_port_device(hub, i + 1);
+ if (ret < 0) {
dev_err(hub->intfdev,
"couldn't create port%d device.\n", i + 1);
+ hdev->maxchild = i;
+ goto fail_keep_maxchild;
+ }
+ }
usb_hub_adjust_deviceremovable(hdev, hub->descriptor);
@@ -1569,6 +1574,7 @@ static int hub_configure(struct usb_hub
fail:
hdev->maxchild = 0;
+fail_keep_maxchild:
dev_err (hub_dev, "config failed, %s (err %d)\n",
message, ret);
/* hub_disconnect() frees urb and descriptor */
next prev parent reply other threads:[~2013-11-18 18:54 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-18 18:40 [PATCH 3.11 00/25] 3.11.9-stable review Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 01/25] net/mlx4_core: Fix call to __mlx4_unregister_mac Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 02/25] net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 03/25] net: flow_dissector: fail on evil iph->ihl Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 04/25] virtio-net: correctly handle cpu hotplug notifier during resuming Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 05/25] xen-netback: use jiffies_64 value to calculate credit timeout Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 06/25] cxgb3: Fix length calculation in write_ofld_wr() on 32-bit architectures Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 07/25] tcp: gso: fix truesize tracking Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 08/25] ipv6: ip6_dst_check needs to check for expired dst_entries Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 09/25] ipv6: reset dst.expires value when clearing expire flag Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 10/25] xen-netback: Handle backend state transitions in a more robust way Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 11/25] xen-netback: transition to CLOSED when removing a VIF Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 12/25] Thermal: x86_pkg_temp: change spin lock Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 13/25] hyperv-fb: add pci stub Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 14/25] USB: add new zte 3g-dongles pid to option.c Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 15/25] ALSA: hda - hdmi: Fix reported channel map on common default layouts Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 16/25] tracing: Fix potential out-of-bounds in trace_get_user() Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 17/25] drm/i915/dp: workaround BIOS eDP bpp clamping issue Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 18/25] perf: Fix perf ring buffer memory ordering Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 19/25] iwlwifi: pcie: add new SKUs for 7000 & 3160 NIC series Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 20/25] misc: atmel_pwm: add deferred-probing support Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 21/25] backlight: atmel-pwm-bl: fix deferred probe from __init Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 22/25] usb: fix cleanup after failure in hub_configure() Greg Kroah-Hartman
2013-11-18 18:40 ` Greg Kroah-Hartman [this message]
2013-11-18 18:40 ` [PATCH 3.11 24/25] usbcore: set lpm_capable field for LPM capable root hubs Greg Kroah-Hartman
2013-11-18 18:40 ` [PATCH 3.11 25/25] media: sh_vou: almost forever loop in sh_vou_try_fmt_vid_out() Greg Kroah-Hartman
2013-11-19 3:09 ` [PATCH 3.11 00/25] 3.11.9-stable review Guenter Roeck
2013-11-20 11:06 ` Satoru Takeuchi
2013-11-20 15:26 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131118184039.408334088@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=krzysiek@podlesie.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.