usb: check usb_hub_to_struct_hub() return value
usb_hub_to_struct_hub() can return NULL in some unlikely cases.
Add checks where appropriate, or pass the hub pointer as an additional
argument if it's known to be valid.
The places it makes sense to check usb_hub_to_struct_hub()
are picked based on feedback from Alan Stern.
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index feef935..4191db3 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -718,18 +718,18 @@
/**
* usb_hub_set_port_power - control hub port's power state
- * @hdev: target hub
+ * @hdev: USB device belonging to the usb hub
+ * @hub: target hub
* @port1: port index
* @set: expected status
*
* call this function to control port's power via setting or
* clearing the port's PORT_POWER feature.
*/
-int usb_hub_set_port_power(struct usb_device *hdev, int port1,
- bool set)
+int usb_hub_set_port_power(struct usb_device *hdev, struct usb_hub *hub,
+ int port1, bool set)
{
int ret;
- struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
struct usb_port *port_dev = hub->ports[port1 - 1];
if (set)
@@ -1769,15 +1769,17 @@
static int find_port_owner(struct usb_device *hdev, unsigned port1,
struct dev_state ***ppowner)
{
+ struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
+
if (hdev->state == USB_STATE_NOTATTACHED)
return -ENODEV;
if (port1 == 0 || port1 > hdev->maxchild)
return -EINVAL;
- /* This assumes that devices not managed by the hub driver
+ /* Devices not managed by the hub driver
* will always have maxchild equal to 0.
*/
- *ppowner = &(usb_hub_to_struct_hub(hdev)->ports[port1 - 1]->port_owner);
+ *ppowner = &(hub->ports[port1 - 1]->port_owner);
return 0;
}
@@ -5323,7 +5325,8 @@
{
struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
- hub->ports[port1 - 1]->connect_type = type;
+ if (hub)
+ hub->ports[port1 - 1]->connect_type = type;
}
/**
@@ -5339,6 +5342,9 @@
{
struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
+ if (!hub)
+ return USB_PORT_CONNECT_TYPE_UNKNOWN;
+
return hub->ports[port1 - 1]->connect_type;
}
@@ -5397,6 +5403,9 @@
{
struct usb_hub *hub = usb_hub_to_struct_hub(hdev);
+ if (!hub)
+ return NULL;
+
return DEVICE_ACPI_HANDLE(&hub->ports[port1 - 1]->dev);
}
#endif
diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h
index 80ab9ee..6508e02 100644
--- a/drivers/usb/core/hub.h
+++ b/drivers/usb/core/hub.h
@@ -100,7 +100,7 @@
int port1);
extern void usb_hub_remove_port_device(struct usb_hub *hub,
int port1);
-extern int usb_hub_set_port_power(struct usb_device *hdev,
+extern int usb_hub_set_port_power(struct usb_device *hdev, struct usb_hub *hub,
int port1, bool set);
extern struct usb_hub *usb_hub_to_struct_hub(struct usb_device *hdev);
extern int hub_port_debounce(struct usb_hub *hub, int port1,
diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c
index b8bad29..5fd3fee 100644
--- a/drivers/usb/core/port.c
+++ b/drivers/usb/core/port.c
@@ -86,7 +86,7 @@
usb_autopm_get_interface(intf);
set_bit(port1, hub->busy_bits);
- retval = usb_hub_set_port_power(hdev, port1, true);
+ retval = usb_hub_set_port_power(hdev, hub, port1, true);
if (port_dev->child && !retval) {
/*
* Wait for usb hub port to be reconnected in order to make
@@ -128,7 +128,7 @@
usb_autopm_get_interface(intf);
set_bit(port1, hub->busy_bits);
- retval = usb_hub_set_port_power(hdev, port1, false);
+ retval = usb_hub_set_port_power(hdev, hub, port1, false);
usb_clear_port_feature(hdev, port1, USB_PORT_FEAT_C_CONNECTION);
usb_clear_port_feature(hdev, port1, USB_PORT_FEAT_C_ENABLE);
clear_bit(port1, hub->busy_bits);