> From: Alan Stern [mailto:stern@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, December 23, 2013 11:13 PM
> To: Du, ChangbinX
> Cc: gregkh@xxxxxxxxxxxxxxxxxxx; sarah.a.sharp@xxxxxxxxxxxxxxx; Lan, Tianyu;
> burzalodowa@xxxxxxxxx; linux-usb@xxxxxxxxxxxxxxx;
> linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH] usb/core: fix NULL pointer dereference in
> recursively_mark_NOTATTACHED
>
> On Mon, 23 Dec 2013, Du, ChangbinX wrote:
>
> > usb_hub_to_struct_hub() can return NULL if the hub is without an active
> > configuration. So the result must be checked.
> >
> > BUG: unable to handle kernel NULL pointer dereference at 0000015c
> How did you manage to trigger this BUG? If hub is NULL then
> udev->maxchild should be 0. See the code in hub_disconnect().
>
> Alan Stern

Hello, Alan.

The hub should also be null if actconfig is null. You can see this in the
function usb_hub_to_struct_hub(). udev->maxchild will be set to 0 in
hub_disconnect(). But before that, recursively_mark_NOTATTACHED may be called
when calling usb_disconnect(). So this issue will happen when usb_disconnect()
is called on a hub that does not have a configuration yet.

It happened once here when unplugging the OTG cable from the DUT (which causes
the HCD to be removed) with tiers of hubs and devices. But it is not easy to
reproduce.

This is my analysis; what do you think?

Du, Changbin
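
The ordering described in the reply above, as an added user-space model in C (not code from this thread or from the kernel): a hub whose maxchild is already set but whose actconfig is still NULL, walked by a recursive marker that checks the hub pointer before using it. The struct layouts and all `model_*` names are assumptions made for the illustration.

```c
/* User-space model; struct layouts and model_* names are assumptions, not kernel code. */
#include <stddef.h>

struct model_hub;
struct model_udev {
    int maxchild;               /* number of downstream ports */
    void *actconfig;            /* NULL until a configuration is chosen */
    struct model_hub *hubdata;  /* hub driver data, usable only once configured */
    int notattached;            /* set when the device has been marked */
};
struct model_hub { struct model_udev *child[4]; };

/* Lookup as described in the thread: no active configuration means no hub. */
static struct model_hub *model_hub_of(struct model_udev *udev)
{
    if (!udev || !udev->actconfig)
        return NULL;
    return udev->hubdata;
}

/* Marks udev and everything below it; returns how many devices were marked. */
static int model_mark_notattached(struct model_udev *udev)
{
    struct model_hub *hub = model_hub_of(udev);
    int i, marked = 1;

    udev->notattached = 1;
    /* Per the reply's analysis, maxchild may still be non-zero while hub is
     * NULL, so the loop bound alone does not protect hub->child[i]. */
    if (!hub)
        return marked;
    for (i = 0; i < udev->maxchild && i < 4; i++)
        if (hub->child[i])
            marked += model_mark_notattached(hub->child[i]);
    return marked;
}

/* Constructed scenario: configured root hub, unconfigured second-tier hub. */
static int model_demo(void)
{
    static int cfg;  /* stands in for an active configuration */
    static struct model_udev leaf = { 0, &cfg, NULL, 0 };
    static struct model_udev tier2 = { 2, NULL, NULL, 0 };  /* maxchild set, no actconfig */
    static struct model_hub roothub = { { &tier2, &leaf, NULL, NULL } };
    static struct model_udev root = { 2, &cfg, &roothub, 0 };
    return model_mark_notattached(&root);
}

int main(void) { return model_demo() == 3 ? 0 : 1; }
```

Without the `if (!hub)` check, the walk would read `hub->child[0]` through a NULL pointer when it reaches the second-tier hub in the constructed scenario.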