queue-4.19/usb-xhci-fix-a-potential-null-pointer-dereference-in.patch

   1 From f9076059b547b93821b13682bcb4294ed13c5d4d Mon Sep 17 00:00:00 2001
   2 From: Jia-Ju Bai <baijiaju1990@gmail.com>
   3 Date: Wed, 22 May 2019 14:33:58 +0300
   4 Subject: usb: xhci: Fix a potential null pointer dereference in
   5  xhci_debugfs_create_endpoint()
   6
   7 [ Upstream commit 5bce256f0b528624a34fe907db385133bb7be33e ]
   8
   9 In xhci_debugfs_create_slot(), kzalloc() can fail and
  10 dev->debugfs_private will be NULL.
  11 In xhci_debugfs_create_endpoint(), dev->debugfs_private is used without
  12 any null-pointer check, and can cause a null pointer dereference.
  13
  14 To fix this bug, a null-pointer check is added in
  15 xhci_debugfs_create_endpoint().
  16
  17 This bug is found by a runtime fuzzing tool named FIZZER written by us.
  18
  19 [subjet line change change, add potential -Mathais]
  20 Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
  21 Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  22 Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
  23 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  24 Signed-off-by: Sasha Levin <sashal@kernel.org>
  25 ---
  26  drivers/usb/host/xhci-debugfs.c | 3 +++
  27  1 file changed, 3 insertions(+)
  28
  29 diff --git a/drivers/usb/host/xhci-debugfs.c b/drivers/usb/host/xhci-debugfs.c
  30 index cadc01336bf8..7ba6afc7ef23 100644
  31 --- a/drivers/usb/host/xhci-debugfs.c
  32 +++ b/drivers/usb/host/xhci-debugfs.c
  33 @@ -440,6 +440,9 @@ void xhci_debugfs_create_endpoint(struct xhci_hcd *xhci,
  34         struct xhci_ep_priv     *epriv;
  35         struct xhci_slot_priv   *spriv = dev->debugfs_private;
  36
  37 +       if (!spriv)
  38 +               return;
  39 +
  40         if (spriv->eps[ep_index])
  41                 return;
  42
  43 --
  44 2.20.1
  45