2006-03-09 13:10:56

by Horst Schirmeier

Subject: [PATCH] usbcore: usb_set_configuration oops (NULL ptr dereference)

When trying to deconfigure a device via usb_set_configuration(dev, 0),
2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops
with "Unable to handle NULL pointer dereference at...". This is due to
an unchecked dereference of cp in the power budget part.

Signed-off-by: Horst Schirmeier <[email protected]>

---

diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 7135e54..96cabeb 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -1388,11 +1388,13 @@ free_interfaces:
if (dev->state != USB_STATE_ADDRESS)
usb_disable_device (dev, 1); // Skip ep0

- i = dev->bus_mA - cp->desc.bMaxPower * 2;
- if (i < 0)
- dev_warn(&dev->dev, "new config #%d exceeds power "
- "limit by %dmA\n",
- configuration, -i);
+ if (cp) {
+ i = dev->bus_mA - cp->desc.bMaxPower * 2;
+ if (i < 0)
+ dev_warn(&dev->dev, "new config #%d exceeds power "
+ "limit by %dmA\n",
+ configuration, -i);
+ }

if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
USB_REQ_SET_CONFIGURATION, 0, configuration, 0,
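
Review bot: the new `if (cp)` guard around the power budget check carries no comment saying when cp is NULL. Going by the commit message, that is the usb_set_configuration(dev, 0) deconfigure path, so a short comment above the guard stating this would keep a later cleanup from dropping it. The guard covers only this one dereference, and the context shown ends at the usb_control_msg() call, so confirm that any use of cp after that call is also safe when cp is NULL.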


2006-03-09 15:24:40

by Alan Stern

Subject: Re: [PATCH] usbcore: usb_set_configuration oops (NULL ptr dereference)

On Thu, 9 Mar 2006, Horst Schirmeier wrote:

> When trying to deconfigure a device via usb_set_configuration(dev, 0),
> 2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops
> with "Unable to handle NULL pointer dereference at...". This is due to
> an unchecked dereference of cp in the power budget part.
>
> Signed-off-by: Horst Schirmeier <[email protected]>
Acked-by: Alan Stern <[email protected]>

>
> ---
>
> diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
> index 7135e54..96cabeb 100644
> --- a/drivers/usb/core/message.c
> +++ b/drivers/usb/core/message.c
> @@ -1388,11 +1388,13 @@ free_interfaces:
> if (dev->state != USB_STATE_ADDRESS)
> usb_disable_device (dev, 1); // Skip ep0
>
> - i = dev->bus_mA - cp->desc.bMaxPower * 2;
> - if (i < 0)
> - dev_warn(&dev->dev, "new config #%d exceeds power "
> - "limit by %dmA\n",
> - configuration, -i);
> + if (cp) {
> + i = dev->bus_mA - cp->desc.bMaxPower * 2;
> + if (i < 0)
> + dev_warn(&dev->dev, "new config #%d exceeds power "
> + "limit by %dmA\n",
> + configuration, -i);
> + }
>
> if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
> USB_REQ_SET_CONFIGURATION, 0, configuration, 0,
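
Review bot: in the re-indented dev_warn() call the format string is still split across two lines ("new config #%d exceeds power " followed by "limit by %dmA\n"), which makes the warning hard to grep for when it shows up in a log. Since these lines are being touched anyway, join the string onto a single line. The budget result could also be stored in a variable named for what it holds instead of the general-purpose i.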