[PATCH] Avoid possible NULL dereference in XHCI driver
Jim Posen
jim.posen at gmail.com
Mon Oct 25 02:33:08 CEST 2021
In the recovery function abort_td run after timed out XHCI transfers,
there's a possible NULL pointer dereference. Instead, explicitly
BUG_ON that condition.
Signed-off-by: Jim Posen <jim.posen at gmail.com>
---
drivers/usb/host/xhci-ring.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 35bd5cd29e..1635d03ece 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -499,6 +499,7 @@ static void abort_td(struct usb_device *udev, int ep_index)
xhci_queue_command(ctrl, NULL, udev->slot_id, ep_index, TRB_STOP_RING);
event = xhci_wait_for_event(ctrl, TRB_TRANSFER);
+ BUG_ON(!event);
field = le32_to_cpu(event->trans_event.flags);
BUG_ON(TRB_TO_SLOT_ID(field) != udev->slot_id);
BUG_ON(TRB_TO_EP_INDEX(field) != ep_index);
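Review bot: The added BUG_ON(!event) ahead of le32_to_cpu(event->trans_event.flags) treats a missing event as a broken invariant, but abort_td is the recovery path for a transfer that has already timed out, so a NULL event here can come from an unresponsive controller or device rather than from a driver bug. Halting makes the failure deterministic instead of reading through a NULL pointer, but any device that triggers this condition still stops the boot. Since abort_td returns void, consider reporting the error and returning early when event is NULL, letting the caller fail the transfer. If the halt is kept deliberately, a short comment above the check saying when xhci_wait_for_event can return NULL would document why this case is considered unrecoverable.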
--
2.25.1
More information about the U-Boot
mailing list