kdb

[PATCH] Check ohci->hcca before dereference it

To: "Jay Lan" <jlan@xxxxxxx>
Subject: [PATCH] Check ohci->hcca before dereference it
From: "jidong xiao" <jidong.xiao@xxxxxxxxx>
Date: Tue, 5 Aug 2008 14:36:46 +0800
Cc: KDB <kdb@xxxxxxxxxxx>, "Konstantin Baydarov" <kbaidarov@xxxxxxxxxxxxx>, "Aaron Young" <ayoung@xxxxxxxxxxxxxxxxxxxx>, "Alan Stern" <stern@xxxxxxxxxxxxxxxxxxx>
Sender: kdb-bounce@xxxxxxxxxxx
Fix up the NULL pointer dereference issue in ohci_kdb_poll_char.

Without this fixup, we may encounter an Oops when we invoke kdb via an ohci
usb keyboard. One of my colleagues encountered this while he was using
RHEL update1 kernels with kdb patches applied.

[root@localhost ~]#
Entering kdb (task 0xffff8101338e1100 pid 0) on cpu 1 due to Keyboard Entry
[1]kdb> Unable to handle kernel NULL pointer dereference at 0000000000000084
RIP:
 [<ffffffff88013c92>] :ohci_hcd:ohci_kdb_poll+0x75/0x18e
PGD 1119d8067 PUD 111b5e067 PMD 0
Oops: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:01.0/irq
kdb: Debugger re-entered on cpu 1, new reason = 5
     Not executing a kdb command
     Cannot recover, allowing event to proceed

This issue occurs since ohci->hcca is dereferenced while it is a NULL pointer.

        if (ohci->hcca->done_head) {
                dl_done_list_kdb (ohci, urb);
                ohci_writel (ohci, OHCI_INTR_WDH, &regs->intrstatus);
                // flush the pci write
                (void) ohci_readl (ohci, &ohci->regs->control);

                return 0;
        }

Obviously this issue still exists in the latest kdb patches. So I
created a patch against 2.6.26-rc9 kernel/kdb patches.

Signed-off-by: Jason Xiao (jidong.xiao@xxxxxxxxx)
Index: linux/drivers/usb/host/ohci-hcd.c
===================================================================
--- linux-2.6.26.orig/drivers/usb/host/ohci-hcd.c       2008-08-05
21:53:16.000000000 +0800
+++ linux-2.6.26/drivers/usb/host/ohci-hcd.c    2008-08-05
21:54:36.000000000 +0800
@@ -978,7 +978,7 @@ ohci_kdb_poll_char(struct urb *urb)
        ohci = (struct ohci_hcd *) hcd_to_ohci(bus_to_hcd(urb->dev->bus));

         /* make sure */
-        if (!ohci)
+        if (!ohci || !ohci->hcca)
                 return -1;

         if (!HC_IS_RUNNING (ohci_to_hcd(ohci)->state))
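Review bot: the `/* make sure */` comment above the new `if (!ohci || !ohci->hcca)` check should state under what condition `ohci->hcca` can be NULL here (for example before the controller has been initialised or after it has been stopped), because a silent `return -1` gives the next reader of the poll path no hint of why the guard exists. The same function, as quoted above, also dereferences `ohci->regs` (`ohci_readl (ohci, &ohci->regs->control)`), so consider whether `regs` needs an equivalent check or whether the `HC_IS_RUNNING` test on the following line is already sufficient to guarantee both pointers are set; a one-line comment either way would make the intent clear.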


Regards
Jason