From: Greg Kroah-Hartman
To: Bin Liu
Cc: linux-usb@vger.kernel.org, stable@vger.kernel.org
Date: Mon, 30 Apr 2018 09:42:15 -0700
Subject: Re: [PATCH 1/2] usb: musb: host: fix potential NULL pointer dereference
Message-ID: <20180430164215.GA17510@kroah.com>
References: <1525105254-2852-1-git-send-email-b-liu@ti.com> <1525105254-2852-2-git-send-email-b-liu@ti.com>
In-Reply-To: <1525105254-2852-2-git-send-email-b-liu@ti.com>

On Mon, Apr 30, 2018 at 11:20:53AM -0500, Bin Liu wrote:
> musb_start_urb() doesn't check the pass-in parameter if it is NULL.  But
> in musb_bulk_nak_timeout() the parameter passed to musb_start_urb() is
> returned from first_qh(), which could be NULL.
>
> So wrap the musb_start_urb() call here with a if condition check to
> avoid the potential NULL pointer dereference.
>
> Fixes: f283862f3b5cb("usb: musb: NAK timeout scheme on bulk TX endpoint")

Nit, you forgot a ' ', this should be:
	f283862f3b5c ("usb: musb: NAK timeout scheme on bulk TX endpoint")

You also had one extra id value in there, odd.  I'll edit this by
hand...

greg k-h
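
The two problems pointed out in the reply above (no space before the parenthesis, one hex digit too many) can be caught before a patch is sent. The following is an added example, not part of the original thread or of any kernel tooling; the function names are hypothetical, and it assumes the rule is exactly 12 hex digits, one space, then ("subject"), as in the corrected tag in the reply.

```python
import re

# Exactly 12 hex digits is the length of the corrected tag in the reply;
# treating that as the rule is an assumption of this example.
ID_LEN = 12
CANONICAL = re.compile(r'^Fixes: [0-9a-f]{%d} \(".+"\)$' % ID_LEN)
# Tolerant pattern, used only to take a malformed tag apart.
LOOSE = re.compile(r'^Fixes:\s*([0-9a-fA-F]+)(\s*)\(\s*"(.*)"\s*\)$')

def check_fixes_line(line):
    """Return (problems, suggestion) for a single 'Fixes:' line."""
    line = line.strip()
    if CANONICAL.match(line):
        return [], line
    m = LOOSE.match(line)
    if m is None:
        return ["cannot parse Fixes: tag"], None
    commit_id, gap, subject = m.groups()
    problems = []
    if len(commit_id) != ID_LEN:
        problems.append("commit id has %d hex digits, expected %d"
                        % (len(commit_id), ID_LEN))
    if gap != " ":
        problems.append('expected one space between commit id and ("')
    if not subject:
        problems.append("empty subject")
    if not problems:
        problems.append("spacing or letter case differs from the canonical form")
    # A longer id can be cut to a prefix; a shorter one cannot be repaired.
    fixable = len(commit_id) >= ID_LEN and bool(subject)
    suggestion = ('Fixes: %s ("%s")' % (commit_id[:ID_LEN].lower(), subject)
                  if fixable else None)
    return problems, suggestion

def check_message(text):
    """Return [(line number, problems, suggestion)] for malformed tags."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("Fixes:"):
            problems, suggestion = check_fixes_line(line)
            if problems:
                findings.append((lineno, problems, suggestion))
    return findings

# Constructed sample: subject and Fixes: line as quoted in the thread.
SAMPLE = ('usb: musb: host: fix potential NULL pointer dereference\n\n'
          'Fixes: f283862f3b5cb("usb: musb: NAK timeout scheme on bulk TX endpoint")\n')

if __name__ == "__main__":
    for lineno, problems, suggestion in check_message(SAMPLE):
        print("line %d: %s -> %s" % (lineno, "; ".join(problems), suggestion))
```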