From: Krzysztof Mazur <krzysiek@podlesie.net>
Date: Thu, 22 Aug 2013 12:49:38 +0000 (+0200)
Subject: usb: fix cleanup after failure in hub_configure()
X-Git-Tag: firefly_0821_release~176^2~5474^2~29
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d0308d4b6b02597f39fc31a9bddf7bb3faad5622;p=firefly-linux-kernel-4.4.55.git

usb: fix cleanup after failure in hub_configure()

If the hub_configure() fails after setting the hdev->maxchild
the hub->ports might be NULL or point to uninitialized kzallocated
memory causing NULL pointer dereference in hub_quiesce() during cleanup.

Now after such error the hdev->maxchild is set to 0 to avoid cleanup
of uninitialized ports.

Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 175179eb17ee..22811f1f86f3 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1573,6 +1573,7 @@ static int hub_configure(struct usb_hub *hub,
 	return 0;
 
 fail:
+	hdev->maxchild = 0;
 	dev_err (hub_dev, "config failed, %s (err %d)\n",
 			message, ret);
 	/* hub_disconnect() frees urb and descriptor */