New subject: [PATCH] usb: core: add bos NULL pointer checking condition

4 Oct 2023

      On Wed, Oct 04, 2023 at 03:26:42PM +0900, Woo-kwang Lee wrote:
...
This issue occurs when connecting Galaxy S22 and abnormal SEC Dex Adapter.
When the abnormal adapter is connected, kernel panic always occurs after a
few seconds.
This occurs due to unable to get BOS descriptor, usb_release_bos_descriptor
set dev->bos = NULL.

usb_reset_and_verify_device
hub_port_init
usb_release_bos_descriptor
dev->bos = NULL;

hub_port_connect_change() calls portspeed(), and portspeed() calls hub_is_s
uperspeedplus().
Finally, hub_is_superspeedplus() calls hdev->bos->ssp_cap.
It needs to check hdev->bos is NULL to prevent a kernel panic.
usb 3-1: new SuperSpeed Gen 1 USB device number 16 using xhci-hcd-exynos
usb 3-1: unable to get BOS descriptor set
usb 3-1: Product: USB3.0 Hub
Unable to handle kernel NULL pointer dereference at virtual address 0000018
Call trace:
 hub_port_connect_change+0x8c/0x538
 port_event+0x244/0x764
 hub_event+0x158/0x474
 process_one_work+0x204/0x550
 worker_thread+0x28c/0x580
 kthread+0x13c/0x178
 ret_from_fork+0x10/0x30

hub_port_connect_change
portspeed
hub_is_superspeedplus

Fixes: 0cdd49a1d1a4 ("usb: Support USB 3.1 extended port status request")
Signed-off-by: Woo-kwang Lee wookwang.lee@samsung.com

drivers/usb/core/hub.h | 2 ++
 1 file changed, 2 insertions(+)
Are you sure this isn't already fixed by commit f74a7afc224a ("usb: hub:
Guard against accesses to uninitialized BOS descriptors") in linux-next?
thanks,
greg k-h

Re: [PATCH] usb: core: add bos NULL pointer checking condition