Due to the length of the logs, I didn't want to include them with the
original patch email, but for completeness here's the log of the crash
and the lsusb output for the device. To create the crash it is just a
case of running "echo 0421 0275 > /sys/bus/usb/drivers/cdc_acm/new_id".
The dmesg output when this crash is seen:
[ 3626.889369] cdc_acm 2-1.4:1.5: Ignoring descriptor: type 11, length 5
[ 3626.889372] cdc_acm 2-1.4:1.5: Separate call control interface. That
is not fully supported.
[ 3626.889379] cdc_acm: probe of 2-1.4:1.5 failed with error -22
[ 3626.889387] cdc_acm 2-1.4:1.6: Ignoring descriptor: type 15, length 5
[ 3626.889390] cdc_acm 2-1.4:1.6: Separate call control interface. That
is not fully supported.
[ 3626.889395] cdc_acm: probe of 2-1.4:1.6 failed with error -22
[ 3626.889418] BUG: unable to handle kernel NULL pointer dereference at
0000000000000040
[ 3626.889423] IP: [<ffffffffa02e8098>] acm_probe+0x238/0x1110 [cdc_acm]
[ 3626.889432] PGD 1018f6067 PUD 120408067 PMD 0
[ 3626.889437] Oops: 0000 [#1] SMP
[ 3626.889440] last sysfs file: /sys/bus/usb/drivers/cdc_acm/new_id
The lsusb -v output for the X6 device is:
Bus 002 Device 003: ID 0421:0275 Nokia Mobile Phones
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x0421 Nokia Mobile Phones
idProduct 0x0275
bcdDevice 1.00
iManufacturer 1 Nokia
iProduct 2 Nokia X6-00
iSerial 3 352006046091428
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 429
bNumInterfaces 14
bConfigurationValue 1
iConfiguration 4 Bulk transfer method configuration
bmAttributes 0x80
(Bus Powered)
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 6 MTP
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 3
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 1 AT-commands (v.25ter)
iInterface 7 CDC Comms Interface
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x0f
connection notifications
sends break
line coding and serial state
get/set/clear comm features
CDC Union:
bMasterInterface 1
bSlaveInterface 2
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 8
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 2
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 8 CDC Data Interface
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x84 EP 4 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 3
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 255 Vendor Specific (MSFT RNDIS?)
iInterface 9 CDC Comms Interface
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x0f
connection notifications
sends break
line coding and serial state
get/set/clear comm features
CDC Union:
bMasterInterface 3
bSlaveInterface 4
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x85 EP 5 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 8
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 4
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 10 CDC Data Interface
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x86 EP 6 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 5
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 2 Communications
bInterfaceSubClass 8 Wireless Handset Control
bInterfaceProtocol 0
iInterface 0
CDC Header:
bcdCDC 1.10
CDC WHCM:
bcdVersion 1.00
CDC Union:
bMasterInterface 5
bSlaveInterface 6 7 8 9 10 11 12 13
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 6
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 2 Communications
bInterfaceSubClass 11 OBEX
bInterfaceProtocol 0
iInterface 11 SYNCML-SYNC
CDC Header:
bcdCDC 1.10
CDC OBEX:
bcdVersion 1.00
CDC Union:
bMasterInterface 6
bSlaveInterface 7
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 7
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 7
bAlternateSetting 1
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x87 EP 7 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x04 EP 4 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 8
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 2 Communications
bInterfaceSubClass 11 OBEX
bInterfaceProtocol 0
iInterface 12 PC Suite Services
CDC Header:
bcdCDC 1.10
CDC OBEX:
bcdVersion 1.00
CDC Union:
bMasterInterface 8
bSlaveInterface 9
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 9
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 9
bAlternateSetting 1
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x88 EP 8 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x05 EP 5 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 10
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 2 Communications
bInterfaceSubClass 254
bInterfaceProtocol 0
iInterface 13 UsbPnComm
CDC Header:
bcdCDC 10.01
UNRECOGNIZED CDC: 03 24 ab
CDC Union:
bMasterInterface 10
bSlaveInterface 11
UNRECOGNIZED CDC: 04 24 fd 00
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 11
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 14 UsbPnDataAlt0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 11
bAlternateSetting 1
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 15 UsbPnDataAlt1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x89 EP 9 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x06 EP 6 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 12
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 2 Communications
bInterfaceSubClass 253
bInterfaceProtocol 0
iInterface 16 LCIF_Alt0
CDC Header:
bcdCDC 1.10
UNRECOGNIZED CDC: 05 24 fc 00 01
CDC Union:
bMasterInterface 12
bSlaveInterface 13
UNRECOGNIZED CDC: 04 24 fd 00
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 13
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 13
bAlternateSetting 1
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x8a EP 10 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 6
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x07 EP 7 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 13
bAlternateSetting 2
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0 Unused
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x8a EP 10 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x07 EP 7 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 255
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 255 Vendor Specific Class
bDeviceSubClass 255 Vendor Specific Subclass
bDeviceProtocol 255 Vendor Specific Protocol
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0000
(Bus Powered)
On Wed, 2010-09-01 at 16:26 +0100, Toby Gray wrote:
> Certain USB devices, such as the Nokia X6 mobile phone, don't expose any
> endpoint descriptors on some of their interfaces. If the ACM driver is forced
> to probe all interfaces on a device the a NULL pointer dereference will occur
> when the ACM driver attempts to use the endpoint of the alternative settings.
> One way to get the ACM driver to probe all the interfaces is by using the
> /sys/bus/usb/drivers/cdc_acm/new_id interface.
>
> This patch checks that the alternative settings and the associated endpoint
> pointer are non-NULL before using them.
>
> Signed-off-by: Toby Gray <toby.gray@xxxxxxxxxxx>
> ---
> drivers/usb/class/cdc-acm.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
> index 1833b3a..44bbeae 100644
> --- a/drivers/usb/class/cdc-acm.c
> +++ b/drivers/usb/class/cdc-acm.c
> @@ -965,7 +965,9 @@ static int acm_probe(struct usb_interface *intf,
> }
>
> if (!buflen) {
> - if (intf->cur_altsetting->endpoint->extralen &&
> + if (intf->cur_altsetting &&
> + intf->cur_altsetting->endpoint &&
> + intf->cur_altsetting->endpoint->extralen &&
> intf->cur_altsetting->endpoint->extra) {
> dev_dbg(&intf->dev,
> "Seeking extra descriptors on endpoint\n");
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
