From f9076059b547b93821b13682bcb4294ed13c5d4d Mon Sep 17 00:00:00 2001
From: Jia-Ju Bai <baijiaju1990@gmail.com>
Date: Wed, 22 May 2019 14:33:58 +0300
Subject: usb: xhci: Fix a potential null pointer dereference in
 xhci_debugfs_create_endpoint()

[ Upstream commit 5bce256f0b528624a34fe907db385133bb7be33e ]

In xhci_debugfs_create_slot(), kzalloc() can fail and
dev->debugfs_private will be NULL.
In xhci_debugfs_create_endpoint(), dev->debugfs_private is used without
any null-pointer check, and can cause a null pointer dereference.

To fix this bug, a null-pointer check is added in
xhci_debugfs_create_endpoint().

This bug is found by a runtime fuzzing tool named FIZZER written by us.

[subject line change, add potential -Mathias]
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

 drivers/usb/host/xhci-debugfs.c | 3 +++
 1 file changed, 3 insertions(+)

29 diff --git a/drivers/usb/host/xhci-debugfs.c b/drivers/usb/host/xhci-debugfs.c
30 index cadc01336bf8..7ba6afc7ef23 100644
31 --- a/drivers/usb/host/xhci-debugfs.c
32 +++ b/drivers/usb/host/xhci-debugfs.c
33 @@ -440,6 +440,9 @@ void xhci_debugfs_create_endpoint(struct xhci_hcd *xhci,
34 struct xhci_ep_priv *epriv;
35 struct xhci_slot_priv *spriv = dev->debugfs_private;
40 if (spriv->eps[ep_index])
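Review bot: The early return is silent, and nothing at the `spriv = dev->debugfs_private` initializer says why spriv can be NULL here. Since `if (spriv->eps[ep_index])` is the first dereference, the guard belongs directly above it, and a one-line comment stating that debugfs_private is NULL when the kzalloc() in xhci_debugfs_create_slot() failed would keep a later cleanup from removing it. The function returns void, so the caller never learns the endpoint entry was skipped; that is acceptable for debugfs, but it is worth checking that every other reader of dev->debugfs_private carries the same guard, because the allocation failure in xhci_debugfs_create_slot() remains unreported after this change.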