[PATCH] usb: host: ehci-sched: avoid possible NULL dereference

From: Sudip Mukherjee
Date: Mon Oct 05 2020 - 17:32:12 EST

Next message: Mike Travis: "Re: [PATCH v4 03/13] x86/platform/uv: Adjust references in UV kernel modules"
Previous message: Borislav Petkov: "Re: [PATCH v4 06/13] x86/platform/uv: Add and Decode Arch Type in UVsystab"
Next in thread: Harley A.W. Lorenzo: "Re: [PATCH] usb: host: ehci-sched: avoid possible NULL dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

find_tt() can return NULL or the error value in ERR_PTR() and
dereferencing the return value without checking for the error can
lead to a possible dereference of NULL pointer or ERR_PTR().

Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@xxxxxxxxx>
---
drivers/usb/host/ehci-sched.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
index 6dfb242f9a4b..f3fd7e9fe6b2 100644
--- a/drivers/usb/host/ehci-sched.c
+++ b/drivers/usb/host/ehci-sched.c
@@ -245,6 +245,8 @@ static void reserve_release_intr_bandwidth(struct ehci_hcd *ehci,
/* FS/LS bus bandwidth */
if (tt_usecs) {
tt = find_tt(qh->ps.udev);
+ if (IS_ERR_OR_NULL(tt))
+ return;
if (sign > 0)
list_add_tail(&qh->ps.ps_list, &tt->ps_list);
else
@@ -1338,6 +1340,8 @@ static void reserve_release_iso_bandwidth(struct ehci_hcd *ehci,
}

tt = find_tt(stream->ps.udev);
+ if (IS_ERR_OR_NULL(tt))
+ return;
if (sign > 0)
list_add_tail(&stream->ps.ps_list, &tt->ps_list);
else
--
2.11.0

Next message: Mike Travis: "Re: [PATCH v4 03/13] x86/platform/uv: Adjust references in UV kernel modules"
Previous message: Borislav Petkov: "Re: [PATCH v4 06/13] x86/platform/uv: Add and Decode Arch Type in UVsystab"
Next in thread: Harley A.W. Lorenzo: "Re: [PATCH] usb: host: ehci-sched: avoid possible NULL dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]