From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Vasut Date: Fri, 14 Aug 2015 22:46:39 +0200 Subject: [U-Boot] [PATCH v2] usb: xhci: Fix a potential NULL pointer dereference In-Reply-To: <1439565249-12581-1-git-send-email-s.temerkhanov@gmail.com> References: <1439565249-12581-1-git-send-email-s.temerkhanov@gmail.com> Message-ID: <201508142246.39402.marex@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Friday, August 14, 2015 at 05:14:09 PM, Sergey Temerkhanov wrote: > This patch fixes a potential NULL pointer dereference arising on > non-present/non-initialized xHCI controllers and adds some error > handling to xHCI code > > Signed-off-by: Sergey Temerkhanov > Signed-off-by: Radha Mohan Chintakuntla > > --- > > Changes in v2: > - Add return value check with setting hccr and hcor to NULL > > drivers/usb/host/xhci.c | 15 +++++++++++---- > 1 file changed, 11 insertions(+), 4 deletions(-) > > diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c > index 0b09643..f8e2d70 100644 > --- a/drivers/usb/host/xhci.c > +++ b/drivers/usb/host/xhci.c > @@ -199,7 +199,7 @@ int xhci_reset(struct xhci_hcor *hcor) > int ret; > > /* Halting the Host first */ > - debug("// Halt the HC\n"); > + debug("// Halt the HC: %p\n", hcor); > state = xhci_readl(&hcor->or_usbsts) & STS_HALT; > if (!state) { > cmd = xhci_readl(&hcor->or_usbcmd); > @@ -1079,6 +1079,11 @@ int usb_lowlevel_init(int index, enum usb_init_type > init, void **controller) > > *controller = &xhcic[index]; > > + if (ret) { > + ctrl->hccr = NULL; > + ctrl->hcor = NULL; Controller should be set to NULL too, for the sake of being completely precise, don't you think so ? > + } > + > return ret; > } 
> > @@ -1093,9 +1098,11 @@ int usb_lowlevel_stop(int index) > { > struct xhci_ctrl *ctrl = (xhcic + index); > > - xhci_lowlevel_stop(ctrl); > - xhci_hcd_stop(index); > - xhci_cleanup(ctrl); > + if (ctrl->hcor) { > + xhci_lowlevel_stop(ctrl); > + xhci_hcd_stop(index); > + xhci_cleanup(ctrl); > + } > > return 0; > } Good job, thanks :) Best regards, Marek Vasut
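Review bot: in the xhci_reset() hunk, the new debug() prints hcor with %p, but the next line, `state = xhci_readl(&hcor->or_usbsts) & STS_HALT;`, still dereferences it unconditionally, so a NULL hcor is at best logged and then faults. Since usb_lowlevel_init() now sets ctrl->hcor to NULL on failure, consider an early `if (!hcor)` return with an error at the top of xhci_reset() instead of relying on every caller to check first.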
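Review bot: in the usb_lowlevel_init() hunk, the new `if (ret)` block sits after `*controller = &xhcic[index];`, so on failure the caller still receives a non-NULL controller pointer whose hccr and hcor have just been cleared. Either move the error check above that assignment or add `*controller = NULL;` inside the branch, so a caller that ignores the return value does not go on to use a controller with NULL register pointers.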
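Review bot: in the usb_lowlevel_stop() hunk, the `if (ctrl->hcor)` guard also skips `xhci_hcd_stop(index)`, which takes the index and not ctrl, and the function still returns 0 when nothing was stopped. Please confirm that the platform stop hook has nothing to release on the failed-init path, or keep that call outside the guard. A one-line comment stating that a NULL hcor means the controller was never initialized would also make the intent of the check clear.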