xhci: fix null pointer dereference on ring_doorbell_for_active_rings

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

in some cases where device is attched to xhci port and do not responding,
for example ath9k_htc with stalled firmware, kernel will
crash on ring_doorbell_for_active_rings.
This patch check if pointer exist before it is used.

This patch should be backported to kernels as old as 2.6.35, that
contain the commit e9df17eb1408cfafa3d1844bfc7f22c7237b31b8 "USB: xhci:
Correct assumptions about number of rings per endpoint"

Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: stable@vger.kernel.org

authored by

Oleksij Rempel and committed by

Sarah Sharp 12 years ago d66eaf9f 07f3cb7c

+1 -1

1 changed file

expand all

drivers

usb

host

xhci-ring.c

+1 -1

drivers/usb/host/xhci-ring.c

··· 434 434 435 435 /* A ring has pending URBs if its TD list is not empty */ 436 436 if (!(ep->ep_state & EP_HAS_STREAMS)) { 437 - if (!(list_empty(&ep->ring->td_list))) 437 + if (ep->ring && !(list_empty(&ep->ring->td_list))) 438 438 xhci_ring_ep_doorbell(xhci, slot_id, ep_index, 0); 439 439 return; 440 440 }