Date: Mon, 22 Dec 2025 08:55:43 +0100
From: Michal Pecio
To: Greg Kroah-Hartman
Cc: Lee Jones, 胡连勤, Mathias Nyman, Mathias Nyman, Sarah Sharp,
 "linux-usb@vger.kernel.org", "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH] usb: xhci: check Null pointer in segment alloc
Message-ID: <20251222085543.4d7430d5.michal.pecio@gmail.com>
In-Reply-To: <2025122253-stopper-tweed-6e68@gregkh>
References: <4935bdf5-4d36-45c3-9bcd-9d14606dd54e@linux.intel.com>
 <20251220141510.1bc1ef19.michal.pecio@gmail.com>
 <20251222064252.GA1196800@google.com>
 <2025122253-stopper-tweed-6e68@gregkh>

On Mon, 22 Dec 2025 08:13:21 +0100, Greg Kroah-Hartman wrote:
> > An API that insists on its users exercising care, knowledge and
> > cognisance sounds fragile and vulnerable.
>
> Fragile yes, vulnerable no. Let's fix the fragility then, but as has
> been pointed out in this thread, we don't know the root cause, and I
> don't even think this "fix" would do the right thing anyway.

The patch looks wrong.

I suspect this happens when add_endpoint() is called concurrently with
resume(), which makes little sense. And it means the same code can
probably call add_endpoint() before resume(), which makes no sense
either. We can't do that with suspended HW.

Chances are that this crash isn't even the only thing that could go
wrong when such calls are attempted. For one, xhci_resume() drops the
spinlock after reporting usb_root_hub_lost_power(), so your guess
elsewhere was correct - this code isn't even locked properly.

It seems no operations on USB devices during resume() are expected.

Regards,
Michal