From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anatolij Gustschin <agust@denx.de>
Date: Sat, 12 Nov 2016 19:10:28 +0100
Subject: [U-Boot] [PATCH] usb: check udev before dereferencing
In-Reply-To: <7b8b75cd-4d6f-3ff0-6fb5-649252e5bc8c@denx.de>
References: <1478941329-9539-1-git-send-email-agust@denx.de>
 <7b8b75cd-4d6f-3ff0-6fb5-649252e5bc8c@denx.de>
Message-ID: <20161112191028.6acc5536@crub>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Sat, 12 Nov 2016 10:36:42 +0100
Marek Vasut marex at denx.de wrote:
...
> >  		udev = dev_get_parent_priv(child);
> > +		if (!udev)
> > +			continue;  
> 
> I don't quite understand the problem from the patch description, but
> shouldn't all the return values from dev_get_parent_priv() be checked
> this way , not just these two ?

The problem is that when dereferencing NULL udev we later access
some random address (e.g. when accessing dev->dev->parent in
usb_show_tree_graph()). dev->dev pointer is random DRAM data there,
when dereferencing it, data abort happens when random address
is outside of valid address range.

Probably we should check elsewhere, at least where it might
return NULL.

> 
> Why does dev_get_parent_priv() return NULL here ?

it returns NULL because the dev->parent_priv is not allocated for
usb_mass_storage.lun0 device. I do not know the reason why.

--
Anatolij