[patch 05/26] USB: usbcore: usb_set_configuration oops (NULL ptr dereference)

[gregkh]

When trying to deconfigure a device via usb_set_configuration(dev, 0),
2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops
with "Unable to handle NULL pointer dereference at...". This is due to
an unchecked dereference of cp in the power budget part.

This patch was already included in Linus' tree.    

Signed-off-by: Horst Schirmeier <horst@xxxxxxxxxxxxxx>
Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
Signed-off-by: Adrian Bunk <bunk@xxxxxxxxx>

---
 drivers/usb/core/message.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- linux-2.6.16.1.orig/drivers/usb/core/message.c
+++ linux-2.6.16.1/drivers/usb/core/message.c
@@ -1388,11 +1388,13 @@ free_interfaces:
 	if (dev->state != USB_STATE_ADDRESS)
 		usb_disable_device (dev, 1);	// Skip ep0
 
-	i = dev->bus_mA - cp->desc.bMaxPower * 2;
-	if (i < 0)
-		dev_warn(&dev->dev, "new config #%d exceeds power "
-				"limit by %dmA\n",
-				configuration, -i);
+	if (cp) {
+		i = dev->bus_mA - cp->desc.bMaxPower * 2;
+		if (i < 0)
+			dev_warn(&dev->dev, "new config #%d exceeds power "
+					"limit by %dmA\n",
+					configuration, -i);
+	}
 
 	if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
 			USB_REQ_SET_CONFIGURATION, 0, configuration, 0,

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/