    usb: renesas_usbhs: avoid NULL pointer dereference in usbhsf_pkt_handler() · 5a6df60e
    Yoshihiro Shimoda authored
    commit 894f2fc4 upstream.
    
    When an unexpected situation happened (e.g. tx/rx irq happened while
    DMAC is used), usbhsf_pkt_handler() could cause a NULL pointer
    dereference like the following:
    
    Unable to handle kernel NULL pointer dereference at virtual address 00000000
    pgd = c0004000
    [00000000] *pgd=00000000
    Internal error: Oops: 80000007 [#1] SMP ARM
    Modules linked in: usb_f_acm u_serial g_serial libcomposite
    CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc6-00842-gac57066-dirty #63
    Hardware name: Generic R8A7790 (Flattened Device Tree)
    task: c0729c00 ti: c0724000 task.ti: c0724000
    PC is at 0x0
    LR is at usbhsf_pkt_handler+0xac/0x118
    pc : [<00000000>]    lr : [<c03257e0>]    psr: 60000193
    sp : c0725db8  ip : 00000000  fp : c0725df4
    r10: 00000001  r9 : 00000193  r8 : ef3ccab4
    r7 : ef3cca10  r6 : eea4586c  r5 : 00000000  r4 : ef19ceb4
    r3 : 00000000  r2 : 0000009c  r1 : c0725dc4  r0 : ef19ceb4
    
    This patch adds a condition to avoid the dereference.
    
    Fixes: e73a9891 ("usb: renesas_usbhs: add DMAEngine support")
    Cc: <stable@vger.kernel.org> # v3.1+
    Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
    Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
    Signed-off-by: Willy Tarreau <w@1wt.eu>
fifo.c 26.6 KB