Re: [PATCH] usb: xhci: check Null pointer in segment alloc

[Mathias Nyman]

On 12/19/25 09:18, 胡连勤 wrote:
> From: Lianqin Hu <hulianqin@xxxxxxxx>
>
> Considering that in some extreme cases,
> when a digital headset is connected and a wake-up
> operation is performed,if the headset is plug out
> or the headset connection is abnormally disconnected at this time,
> segment_pool will be set to null, resulting in accessing a null pointer.
>
> So, add null pointer checks to fix the problem.
>
> Call trace:
>   dma_pool_alloc+0x3c/0x248
>   xhci_segment_alloc+0x9c/0x184
>   xhci_alloc_segments_for_ring+0xcc/0x1cc
>   xhci_ring_alloc+0xc4/0x1a8
>   xhci_endpoint_init+0x36c/0x4ac
>   xhci_add_endpoint+0x18c/0x2a4
>   usb_hcd_alloc_bandwidth+0x384/0x3e4
>   usb_set_interface+0x144/0x510
>   usb_reset_and_verify_device+0x248/0x5fc
>   usb_port_resume+0x580/0x700
>   usb_generic_driver_resume+0x24/0x5c
>   usb_resume_both+0x104/0x32c
>   usb_runtime_resume+0x18/0x28
>   __rpm_callback+0x94/0x3d4
>   rpm_resume+0x3f8/0x5fc
>   rpm_resume+0x1fc/0x5fc
>
> Fixes: 0ebbab374223 ("USB: xhci: Ring allocation and initialization.")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Lianqin Hu <hulianqin@xxxxxxxx>
>
>   drivers/usb/host/xhci-mem.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
> index c708bdd69f16..2ea5fb810a80 100644
> --- a/drivers/usb/host/xhci-mem.c
> +++ b/drivers/usb/host/xhci-mem.c
> @@ -35,6 +35,9 @@ static struct xhci_segment *xhci_segment_alloc(struct xhci_hcd *xhci,
>   	dma_addr_t	dma;
>   	struct device *dev = xhci_to_hcd(xhci)->self.sysdev;
>   
> +	if (!xhci->segment_pool)
> +		return NULL;
> +

The xhci->segment_pool is created in xhci_mem_init() and destroyed in xhci_mem_cleanup().
It should never be NULL when xhci driver tries to allocate a ring segment.

If you can trigger a null pointer dereference here, then please share a backtrace.
There is likely something else is wrong that needs to be fixed.

Thanks
Mathias