xhci: check control context is valid before dereferencing it.
authorMathias Nyman <mathias.nyman@linux.intel.com>
Tue, 6 Apr 2021 07:02:06 +0000 (10:02 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 6 Apr 2021 09:16:55 +0000 (11:16 +0200)
Don't dereference ctrl_ctx before checking it's valid.
Issue reported by Klocwork.

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20210406070208.3406266-3-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/host/xhci.c

index 5d9fc3cd07a5dde26a135418821559d1c7c0e3ca..f9614716ecd7f85954ce50593ca0684f4905dd10 100644 (file)
@@ -3261,6 +3261,14 @@ static void xhci_endpoint_reset(struct usb_hcd *hcd,
 
        /* config ep command clears toggle if add and drop ep flags are set */
        ctrl_ctx = xhci_get_input_control_ctx(cfg_cmd->in_ctx);
+       if (!ctrl_ctx) {
+               spin_unlock_irqrestore(&xhci->lock, flags);
+               xhci_free_command(xhci, cfg_cmd);
+               xhci_warn(xhci, "%s: Could not get input context, bad type.\n",
+                               __func__);
+               goto cleanup;
+       }
+
        xhci_setup_input_ctx_for_config_ep(xhci, cfg_cmd->in_ctx, vdev->out_ctx,
                                           ctrl_ctx, ep_flag, ep_flag);
        xhci_endpoint_copy(xhci, cfg_cmd->in_ctx, vdev->out_ctx, ep_index);
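Review bot: The new `!ctrl_ctx` branch drops `xhci->lock` and frees `cfg_cmd` by hand before `goto cleanup`, so it is only correct if the `cleanup` label neither expects the lock to be held nor releases `cfg_cmd` again. That label sits outside this hunk, so this cannot be confirmed from here. If `cleanup` ever starts freeing `cfg_cmd`, this path becomes a double free, which is worth guarding with a comment above the branch such as `/* cfg_cmd is released here; cleanup must not free it again and runs without xhci->lock held */`. Because `xhci_endpoint_reset()` returns void, the `xhci_warn()` line is the only signal that the reset was skipped, so keeping it at warn level is appropriate.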