Re: [PATCH] usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()

From: Mathias Nyman
Date: Mon Aug 05 2024 - 04:21:17 EST

Next message: Jason Wang: "[PATCH] vduse: avoid using __GFP_NOFAIL"
Previous message: Alex Shi: "Re: [PATCH v4 06/22] mm/zsmalloc: convert create_page_chain() and its users to use zpdesc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 31.7.2024 23.59, Marc Zyngier wrote:

If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop
up the damage. If it fails early enough, before xhci->interrupters
is allocated but after xhci->max_interrupters has been set, which
happens in most (all?) cases, things get uglier, as xhci_mem_cleanup()
unconditionally derefences xhci->interrupters. With prejudice.

Gate the interrupt freeing loop with a check on xhci->interrupters
being non-NULL.

Found while debugging a DMA allocation issue that led the XHCI driver
on this exact path.

Fixes: c99b38c41234 ("xhci: add support to allocate several interrupters")
Cc: Mathias Nyman <mathias.nyman@xxxxxxxxxxxxxxx>
Cc: Wesley Cheng <quic_wcheng@xxxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
---

Thanks, Adding to queue

-Mathias

Next message: Jason Wang: "[PATCH] vduse: avoid using __GFP_NOFAIL"
Previous message: Alex Shi: "Re: [PATCH v4 06/22] mm/zsmalloc: convert create_page_chain() and its users to use zpdesc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]