On 1/21/25 11:36 PM, Qasim Ijaz wrote: > If usb_add_hcd() fails in vhci_hcd_probe() (i.e., a probe failure), > the error path calls usb_remove_hcd() and also sets > pdev->dev.driver_data to NULL. > > Consequently, any subsequent call to platform_get_drvdata(pdev) > (which returns pdev->dev.driver_data) may yield NULL, causing a > crash if that pointer is dereferenced. > > Fix this by adding a sanity check to ensure "hcd" is non-NULL > before proceeding with further operations. > > Reported-by: syzbot <syzbot+83976e47ec1ef91e66f1@xxxxxxxxxxxxxxxxxxxxxxxxx> > Closes: https://syzkaller.appspot.com/bug?extid=83976e47ec1ef91e66f1 > Tested-by: syzbot <syzbot+83976e47ec1ef91e66f1@xxxxxxxxxxxxxxxxxxxxxxxxx> > Fixes: 03cd00d538a6 ("usbip: vhci-hcd: Set the vhci structure up to work") > Signed-off-by: Qasim Ijaz <qasdev00@xxxxxxxxx> > --- > drivers/usb/usbip/vhci_sysfs.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/usb/usbip/vhci_sysfs.c b/drivers/usb/usbip/vhci_sysfs.c > index d5865460e82d..a5e6c3c4af06 100644 > --- a/drivers/usb/usbip/vhci_sysfs.c > +++ b/drivers/usb/usbip/vhci_sysfs.c > @@ -76,6 +76,10 @@ static ssize_t status_show_vhci(int pdev_nr, char *out) > } > > hcd = platform_get_drvdata(pdev); > + Empty line net really needed here... > + if (!hcd) > + return 0; > + > vhci_hcd = hcd_to_vhci_hcd(hcd); > vhci = vhci_hcd->vhci; > MBR, Sergey
