* [PATCH 4/5] xhci: Add an assertion to check for virt_dev=0 bug.
@ 2011-03-25 7:44 Matt Evans
2011-03-28 22:23 ` Sarah Sharp
0 siblings, 1 reply; 2+ messages in thread
From: Matt Evans @ 2011-03-25 7:44 UTC (permalink / raw)
To: sarah.a.sharp; +Cc: linuxppc-dev, linux-usb
During a "plug-unplug" stress test on an NEC xHCI card, a null pointer
dereference was observed. xhci_address_device() dereferenced a null
virt_dev (possibly an erroneous udev->slot_id?); this patch adds a WARN_ON &
message to aid debug if it can be recreated.
Signed-off-by: Matt Evans <matt@ozlabs.org>
---
drivers/usb/host/xhci.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 88e6298..7d43456 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -2542,6 +2542,17 @@ int xhci_address_device(struct usb_hcd *hcd, struct usb_device *udev)
virt_dev = xhci->devs[udev->slot_id];
+ if (WARN_ON(!virt_dev)) {
+ /*
+ * In plug/unplug torture test with an NEC controller,
+ * a zero-dereference was observed once due to virt_dev = 0.
+ * Print useful debug rather than crash if it is observed again!
+ */
+ xhci_warn(xhci, "Virt dev invalid for slot_id 0x%x!\n",
+ udev->slot_id);
+ return -EINVAL;
+ }
+
slot_ctx = xhci_get_slot_ctx(xhci, virt_dev->in_ctx);
/*
* If this is the first Set Address since device plug-in or
--
1.7.0.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 4/5] xhci: Add an assertion to check for virt_dev=0 bug.
2011-03-25 7:44 [PATCH 4/5] xhci: Add an assertion to check for virt_dev=0 bug Matt Evans
@ 2011-03-28 22:23 ` Sarah Sharp
0 siblings, 0 replies; 2+ messages in thread
From: Sarah Sharp @ 2011-03-28 22:23 UTC (permalink / raw)
To: Matt Evans; +Cc: linuxppc-dev, linux-usb
On Fri, Mar 25, 2011 at 06:44:18PM +1100, Matt Evans wrote:
> During a "plug-unplug" stress test on an NEC xHCI card, a null pointer
> dereference was observed. xhci_address_device() dereferenced a null
> virt_dev (possibly an erroneous udev->slot_id?); this patch adds a WARN_ON &
> message to aid debug if it can be recreated.
Hmm, that's interesting. I haven't seen any null pointer dereferences
during my tests, but perhaps I'm not being ADDH enough about randomly
unplugging devices. :) Let me know if you trigger this again.
Sarah Sharp
> Signed-off-by: Matt Evans <matt@ozlabs.org>
> ---
> drivers/usb/host/xhci.c | 11 +++++++++++
> 1 files changed, 11 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
> index 88e6298..7d43456 100644
> --- a/drivers/usb/host/xhci.c
> +++ b/drivers/usb/host/xhci.c
> @@ -2542,6 +2542,17 @@ int xhci_address_device(struct usb_hcd *hcd, struct usb_device *udev)
>
> virt_dev = xhci->devs[udev->slot_id];
>
> + if (WARN_ON(!virt_dev)) {
> + /*
> + * In plug/unplug torture test with an NEC controller,
> + * a zero-dereference was observed once due to virt_dev = 0.
> + * Print useful debug rather than crash if it is observed again!
> + */
> + xhci_warn(xhci, "Virt dev invalid for slot_id 0x%x!\n",
> + udev->slot_id);
> + return -EINVAL;
> + }
> +
> slot_ctx = xhci_get_slot_ctx(xhci, virt_dev->in_ctx);
> /*
> * If this is the first Set Address since device plug-in or
> --
> 1.7.0.4
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-03-28 22:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-25 7:44 [PATCH 4/5] xhci: Add an assertion to check for virt_dev=0 bug Matt Evans
2011-03-28 22:23 ` Sarah Sharp
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox