summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2016-09-09 13:47:20 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2016-09-09 13:47:20 +0200
commit1b49dae1ca65cd38221b28911ba08954627a2760 (patch)
tree4d5849621215b5e46a3f5f01eea1ff26970cc55f
parentxhci: fix null pointer dereference in stop command timeout function (diff)
parentusb: chipidea: udc: fix NULL ptr dereference in isr_setup_status_phase (diff)
downloadlinux-1b49dae1ca65cd38221b28911ba08954627a2760.tar.xz
linux-1b49dae1ca65cd38221b28911ba08954627a2760.zip
Merge tag 'usb-ci-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/peter.chen/usb into usb-linus
Peter writes: Fix the possible kernel panic when the hardware signal is bad for chipidea udc.
-rw-r--r--drivers/usb/chipidea/udc.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
index dfec5a176315..b93356834bb5 100644
--- a/drivers/usb/chipidea/udc.c
+++ b/drivers/usb/chipidea/udc.c
@@ -949,6 +949,15 @@ static int isr_setup_status_phase(struct ci_hdrc *ci)
int retval;
struct ci_hw_ep *hwep;
+ /*
+ * Unexpected USB controller behavior, caused by bad signal integrity
+ * or ground reference problems, can lead to isr_setup_status_phase
+ * being called with ci->status equal to NULL.
+ * If this situation occurs, you should review your USB hardware design.
+ */
+ if (WARN_ON_ONCE(!ci->status))
+ return -EPIPE;
+
hwep = (ci->ep0_dir == TX) ? ci->ep0out : ci->ep0in;
ci->status->context = ci;
ci->status->complete = isr_setup_status_complete;