From: Peter Chen <hzpeterchen@gmail.com>
To: Vaibhav Hiremath <vaibhav.hiremath@linaro.org>
Cc: linux-usb@vger.kernel.org, gregkh@linuxfoundation.org,
robh@kernel.org, p.zabel@pengutronix.de,
stern@rowland.harvard.edu, arnd@arndb.de,
peter.chen@freescale.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] USB: core: of: Check device_node before parsing in usb_of_get_child_node()
Date: Tue, 16 Aug 2016 09:33:36 +0800 [thread overview]
Message-ID: <20160816013336.GC16965@shlinux2> (raw)
In-Reply-To: <1471285870-21433-1-git-send-email-vaibhav.hiremath@linaro.org>
On Mon, Aug 15, 2016 at 11:31:10AM -0700, Vaibhav Hiremath wrote:
> In case of HUB devices connected to USB ports, we may not have DT
> node representing it inside USB, and when devices connected to hub
> gets enumerated, call to usb_of_get_child_node() leads to NULL pointer
> dereference.
>
> In the usecase we have, where EHCI port is connected to USB HUB
> device, and downward ports of HUB are connected to further USB
> devices. When those devices gets enumerated, in order,
> 1. USB HUB ->
> -> Call to usb_of_get_child_node() is OK, as
> parent->dev.of_node is pointing to host node.
> 2. Devices connected to downward port of USB HUB
> -> Call to usb_of_get_child_node() leads to NULL
> pointer dereference as parent->dev.of_node = NULL,
> as USB HUB DTS node may be empty.
>
> Fix this NULL pointer dereference by adding check for pointer
> device_node inside usb_of_get_child_node() fn.
>
> Signed-off-by: Vaibhav Hiremath <vaibhav.hiremath@linaro.org>
> ---
> Testing: I have build tested it against mainline.
>
> drivers/usb/core/of.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/usb/core/of.c b/drivers/usb/core/of.c
> index 2289700..dc667a3 100644
> --- a/drivers/usb/core/of.c
> +++ b/drivers/usb/core/of.c
> @@ -34,6 +34,9 @@ struct device_node *usb_of_get_child_node(struct device_node *parent,
> struct device_node *node;
> u32 port;
>
> + if (!parent)
> + return NULL;
> +
> for_each_child_of_node(parent, node) {
> if (!of_property_read_u32(node, "reg", &port)) {
> if (port == portnum)
I am afraid I can't reproduce it, would you please show me your dump
when null pointer dereference occurs? From what I find the
__of_get_next_child checks null pointer for parent node.
--
Best Regards,
Peter Chen
next prev parent reply other threads:[~2016-08-16 1:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-15 18:31 [PATCH] USB: core: of: Check device_node before parsing in usb_of_get_child_node() Vaibhav Hiremath
2016-08-15 18:41 ` Greg KH
2016-08-15 19:18 ` Vaibhav Hiremath
2016-08-15 19:34 ` Alan Stern
2016-08-16 1:33 ` Peter Chen [this message]
2016-08-16 21:14 ` Vaibhav Hiremath
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160816013336.GC16965@shlinux2 \
--to=hzpeterchen@gmail.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=p.zabel@pengutronix.de \
--cc=peter.chen@freescale.com \
--cc=robh@kernel.org \
--cc=stern@rowland.harvard.edu \
--cc=vaibhav.hiremath@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.