On Wed, Jan 22, 2025 at 11:56:34AM +0300, Sergey Shtylyov wrote: > On 1/21/25 11:36 PM, Qasim Ijaz wrote: > > > If usb_add_hcd() fails in vhci_hcd_probe() (i.e., a probe failure), > > the error path calls usb_remove_hcd() and also sets > > pdev->dev.driver_data to NULL. > > > > Consequently, any subsequent call to platform_get_drvdata(pdev) > > (which returns pdev->dev.driver_data) may yield NULL, causing a > > crash if that pointer is dereferenced. > > > > Fix this by adding a sanity check to ensure "hcd" is non-NULL > > before proceeding with further operations. > > > > Reported-by: syzbot <syzbot+83976e47ec1ef91e66f1@xxxxxxxxxxxxxxxxxxxxxxxxx> > > Closes: https://syzkaller.appspot.com/bug?extid=83976e47ec1ef91e66f1 > > Tested-by: syzbot <syzbot+83976e47ec1ef91e66f1@xxxxxxxxxxxxxxxxxxxxxxxxx> > > Fixes: 03cd00d538a6 ("usbip: vhci-hcd: Set the vhci structure up to work") > > Signed-off-by: Qasim Ijaz <qasdev00@xxxxxxxxx> > > --- > > drivers/usb/usbip/vhci_sysfs.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/drivers/usb/usbip/vhci_sysfs.c b/drivers/usb/usbip/vhci_sysfs.c > > index d5865460e82d..a5e6c3c4af06 100644 > > --- a/drivers/usb/usbip/vhci_sysfs.c > > +++ b/drivers/usb/usbip/vhci_sysfs.c > > @@ -76,6 +76,10 @@ static ssize_t status_show_vhci(int pdev_nr, char *out) > > } > > > > hcd = platform_get_drvdata(pdev); > > + > > Empty line not really needed here... Thanks for spotting this Sergey. Just sent out patch v2 which fixes this. > > > + if (!hcd) > > + return 0; > > + > > vhci_hcd = hcd_to_vhci_hcd(hcd); > > vhci = vhci_hcd->vhci; > > > > MBR, Sergey >
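Review bot: the added `if (!hcd) return 0;` in status_show_vhci() fails silently, so a read of the status attribute after a failed probe produces no output for this controller and leaves nothing in the log to explain why. Consider emitting a debug or error message before the return. Separately, the changelog says any later platform_get_drvdata(pdev) call can yield NULL once the probe error path clears pdev->dev.driver_data, but only this one call site in vhci_sysfs.c is guarded. The changelog should say whether the other callers were audited, or why this is the only reachable one.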