• Guenter Roeck's avatar
    usb: hub: Fix crash after failure to read BOS descriptor · 4e615886
    Guenter Roeck authored
    commit 7b2db29f upstream.
    
    If usb_get_bos_descriptor() returns an error, usb->bos will be NULL.
    Nevertheless, it is dereferenced unconditionally in
    hub_set_initial_usb2_lpm_policy() if usb2_hw_lpm_capable is set.
    This results in a crash.
    
    usb 5-1: unable to get BOS descriptor
    ...
    Unable to handle kernel NULL pointer dereference at virtual address 00000008
    pgd = ffffffc00165f000
    [00000008] *pgd=000000000174f003, *pud=000000000174f003,
    		*pmd=0000000001750003, *pte=00e8000001751713
    Internal error: Oops: 96000005 [#1] PREEMPT SMP
    Modules linked in: uinput uvcvideo videobuf2_vmalloc cmac [ ... ]
    CPU: 5 PID: 3353 Comm: kworker/5:3 Tainted: G    B 4.4.52 #480
    Hardware name: Google Kevin (DT)
    Workqueue: events driver_set_config_work
    task: ffffffc0c3690000 ti: ffffffc0ae9a8000 task.ti: ffffffc0ae9a8000
    PC is at hub_port_init+0xc3c/0xd10
    LR is at hub_port_init+0xc3c/0xd10
    ...
    Call trace:
    [<ffffffc0007fbbfc>] hub_port_init+0xc3c/0xd10
    [<ffffffc0007fbe2c>] usb_reset_and_verify_device+0x15c/0x82c
    [<ffffffc0007fc5e0>] usb_reset_device+0xe4/0x298
    [<ffffffbffc0e3fcc>] rtl8152_probe+0x84/0x9b0 [r8152]
    [<ffffffc00080ca8c>] usb_probe_interface+0x244/0x2f8
    [<ffffffc000774a24>] driver_probe_device+0x180/0x3b4
    [<ffffffc000774e48>] __device_attach_driver+0xb4/0xe0
    [<ffffffc000772168>] bus_for_each_drv+0xb4/0xe4
    [<ffffffc0007747ec>] __device_attach+0xd0/0x158
    [<ffffffc000775080>] device_initial_probe+0x24/0x30
    [<ffffffc0007739d4>] bus_probe_device+0x50/0xe4
    [<ffffffc000770bd0>] device_add+0x414/0x738
    [<ffffffc000809fe8>] usb_set_configuration+0x89c/0x914
    [<ffffffc00080a120>] driver_set_config_work+0xc0/0xf0
    [<ffffffc000249bb8>] process_one_work+0x390/0x6b8
    [<ffffffc00024abcc>] worker_thread+0x480/0x610
    [<ffffffc000251a80>] kthread+0x164/0x178
    [<ffffffc0002045d0>] ret_from_fork+0x10/0x40
    
    Since we don't know anything about LPM capabilities without BOS descriptor,
    don't attempt to enable LPM if it is not available.
    
    Fixes: 890dae88 ("xhci: Enable LPM support only for hardwired ...")
    Cc: Mathias Nyman <mathias.nyman@linux.intel.com>
    Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
    Acked-by: default avatarMathias Nyman <mathias.nyman@linux.intel.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    4e615886
hub.c 164 KB