* [PATCH] usbcore: usb_set_configuration oops (NULL ptr dereference)
@ 2006-03-09 13:10 Horst Schirmeier
2006-03-09 15:24 ` Alan Stern
0 siblings, 1 reply; 2+ messages in thread
From: Horst Schirmeier @ 2006-03-09 13:10 UTC (permalink / raw)
To: Alan Stern; +Cc: Greg KH, linux-usb-devel, linux-kernel
When trying to deconfigure a device via usb_set_configuration(dev, 0),
2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops
with "Unable to handle NULL pointer dereference at...". This is due to
an unchecked dereference of cp in the power budget part.
Signed-off-by: Horst Schirmeier <horst@schirmeier.com>
---
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 7135e54..96cabeb 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -1388,11 +1388,13 @@ free_interfaces:
if (dev->state != USB_STATE_ADDRESS)
usb_disable_device (dev, 1); // Skip ep0
- i = dev->bus_mA - cp->desc.bMaxPower * 2;
- if (i < 0)
- dev_warn(&dev->dev, "new config #%d exceeds power "
- "limit by %dmA\n",
- configuration, -i);
+ if (cp) {
+ i = dev->bus_mA - cp->desc.bMaxPower * 2;
+ if (i < 0)
+ dev_warn(&dev->dev, "new config #%d exceeds power "
+ "limit by %dmA\n",
+ configuration, -i);
+ }
if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
USB_REQ_SET_CONFIGURATION, 0, configuration, 0,
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] usbcore: usb_set_configuration oops (NULL ptr dereference)
2006-03-09 13:10 [PATCH] usbcore: usb_set_configuration oops (NULL ptr dereference) Horst Schirmeier
@ 2006-03-09 15:24 ` Alan Stern
0 siblings, 0 replies; 2+ messages in thread
From: Alan Stern @ 2006-03-09 15:24 UTC (permalink / raw)
To: Horst Schirmeier; +Cc: Greg KH, linux-usb-devel, linux-kernel
On Thu, 9 Mar 2006, Horst Schirmeier wrote:
> When trying to deconfigure a device via usb_set_configuration(dev, 0),
> 2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops
> with "Unable to handle NULL pointer dereference at...". This is due to
> an unchecked dereference of cp in the power budget part.
>
> Signed-off-by: Horst Schirmeier <horst@schirmeier.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
>
> ---
>
> diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
> index 7135e54..96cabeb 100644
> --- a/drivers/usb/core/message.c
> +++ b/drivers/usb/core/message.c
> @@ -1388,11 +1388,13 @@ free_interfaces:
> if (dev->state != USB_STATE_ADDRESS)
> usb_disable_device (dev, 1); // Skip ep0
>
> - i = dev->bus_mA - cp->desc.bMaxPower * 2;
> - if (i < 0)
> - dev_warn(&dev->dev, "new config #%d exceeds power "
> - "limit by %dmA\n",
> - configuration, -i);
> + if (cp) {
> + i = dev->bus_mA - cp->desc.bMaxPower * 2;
> + if (i < 0)
> + dev_warn(&dev->dev, "new config #%d exceeds power "
> + "limit by %dmA\n",
> + configuration, -i);
> + }
>
> if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
> USB_REQ_SET_CONFIGURATION, 0, configuration, 0,
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-03-09 15:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-09 13:10 [PATCH] usbcore: usb_set_configuration oops (NULL ptr dereference) Horst Schirmeier
2006-03-09 15:24 ` Alan Stern
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox