From 2668a556880ec1c3b5675dd9f6387e30e582a9d7 Mon Sep 17 00:00:00 2001
From: Alexander Boettcher
Date: Mon, 3 Apr 2017 14:08:32 +0200
Subject: [PATCH] usb_drv: fix various nullpointer in raw binding during reset of a VM, usb device ejected before hand: ded! amount=27941, size=4096, consumed=24576 Warning: could not allocate metadata [init -> nit_fb1] using xywh=(0,0,2560,1440) [init -> usb_drv] dev_info: new SuperSpeed USB device number 2 using xhci_hcd [init -> vbox1] Attach USB device 0002:0002 (vendor=951, product=16a5) Warning: Quota exceeded! amount=36133, size=4096, consumed=32768 Warning: could not allocate metadata [init -> nit_fb1] using xywh=(0,0,2560,1440) [init -> vbox1] EMT-0 VMMDev: Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes [init -> vbox1] EMT-0 VMMDev: Guest Additions capability report: (0x5 -> 0x0) seamless: no, hostWindowMapping: no, graphics: no [init -> vbox1] EMT-0 VMMDev: Guest Additions capability report: (0x0 -> 0x0) seamless: no, hostWindowMapping: no, graphics: no [init -> vbox1] EMT-1 VMMDev: Guest Additions capability report: (0x0 -> 0x0) seamless: no, hostWindowMapping: no, graphics: no Warning: Quota exceeded! amount=44325, size=4096, consumed=40960 Warning: could not allocate metadata [init -> vbox1] fb resize : [0] 2560x1440 -> 1024x768 no RM attachment (READ pf_addr=0x4 pf_ip=0x105367e from pager_object: pd='init -> usb_drv' thread='ep') page fault, pd='init -> usb_drv' thread='ep' cpu=0 ip=0x105367e address=0x4 stack pointer=0xa07fef18 qualifiers=0x4 irUwp reason=1 Seen during #2338
---
 repos/dde_linux/src/lib/usb/raw/raw.cc | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/repos/dde_linux/src/lib/usb/raw/raw.cc b/repos/dde_linux/src/lib/usb/raw/raw.cc
index a6ec77220d..eafec2a2a2 100644
--- a/repos/dde_linux/src/lib/usb/raw/raw.cc
+++ b/repos/dde_linux/src/lib/usb/raw/raw.cc
@@ -91,6 +91,12 @@ struct Device : List::Element
 usb_interface *interface(unsigned index)
 {
+ if (!udev || !udev->actconfig)
+ return nullptr;
+
+ if (index >= udev->actconfig->desc.bNumInterfaces)
+ return nullptr;
+
 usb_interface *iface = udev->actconfig->interface[index];
 return iface;
 }
@@ -580,7 +586,7 @@ class Usb::Session_component : public Session_rpc_object,
 ~Session_component()
 {
 /* release claimed interfaces */
- if (_device) {
+ if (_device && _device->udev && _device->udev->actconfig) {
 unsigned const num = _device->udev->actconfig->desc.bNumInterfaces;
 for (unsigned i = 0; i < num; i++)
 release_interface(i);
@@ -643,7 +649,11 @@ class Usb::Session_component : public Session_rpc_object,
 if (!_device)
 throw Device_not_found();
- return _device->interface(index)->num_altsetting;
+ usb_interface *iface = _device->interface(index);
+ if (!iface)
+ throw Interface_not_found();
+
+ return iface->num_altsetting;
 }
 void interface_descriptor(unsigned index, unsigned alt_setting,
@@ -652,10 +662,10 @@ class Usb::Session_component : public Session_rpc_object,
 if (!_device)
 throw Device_not_found();
- if (index >= _device->udev->actconfig->desc.bNumInterfaces)
+ usb_interface *iface = _device->interface(index);
+ if (!iface)
 throw Interface_not_found();
- usb_interface *iface = _device->interface(index);
 Genode::memcpy(interface_descr, &iface->altsetting[alt_setting].desc, sizeof(usb_interface_descriptor));
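Review bot: In the `Device::interface()` hunk (@@ -91), the new `!udev || !udev->actconfig` test only protects against pointers that were reset to null; if the eject path frees or reconfigures the device without clearing them, or runs on a thread other than the RPC entrypoint, the following `udev->actconfig->interface[index]` can still read stale memory. Neither the disconnect path nor any locking is visible in this patch, so this should be confirmed before relying on the checks. The same reach-through test is repeated in the `~Session_component()` hunk (@@ -580) and the `endpoint_descriptor()` hunk (@@ -668). Because `interface()` can now return null, I would state that above the function, e.g. `/* returns nullptr if the device is gone, unconfigured, or index is out of range */`, and re-check any callers this patch does not touch.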
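Review bot: In the `interface_descriptor()` hunk (@@ -652), `alt_setting` still indexes `iface->altsetting[alt_setting]` without being compared against `iface->num_altsetting`, so an out-of-range value makes the `Genode::memcpy` copy from beyond the array into the caller's `interface_descr`. The value is a parameter of a `Session_rpc_object` method, so it presumably comes from the session client, and the patch validates only `index`. I would add `if (alt_setting >= iface->num_altsetting) throw Interface_not_found();` directly after the null check, or a dedicated exception if the session interface defines one. The function's signature and closing lines are outside this hunk.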
@@ -668,13 +678,13 @@ class Usb::Session_component : public Session_rpc_object,
 unsigned endpoint_num, Endpoint_descriptor *endpoint_descr) override
 {
- if (!_device)
+ if (!_device || !_device->udev)
 throw Device_not_found();
- if (interface_num >= _device->udev->actconfig->desc.bNumInterfaces)
+ usb_interface *iface = usb_ifnum_to_if(_device->udev, interface_num);
+ if (!iface)
 throw Interface_not_found();
- usb_interface *iface = usb_ifnum_to_if(_device->udev, interface_num);
 Genode::memcpy(endpoint_descr, &_device->endpoint(iface, alt_setting, endpoint_num)->desc, sizeof(usb_endpoint_descriptor));
 }
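Review bot: In the `endpoint_descriptor()` hunk, the result of `_device->endpoint(iface, alt_setting, endpoint_num)` is dereferenced for `->desc` inside the `Genode::memcpy` call with no null check, and `alt_setting` and `endpoint_num` are not validated anywhere in the visible lines. `Device::endpoint()` is not part of this patch, so it may already bound both values; if it does not, this is the same class of fault the commit fixes for `interface()`. I would take the pointer first, `auto *ep = _device->endpoint(iface, alt_setting, endpoint_num);`, reject it with `if (!ep) throw Interface_not_found();`, and copy from `&ep->desc`. This method also resolves the interface by number through `usb_ifnum_to_if()` while `interface_descriptor()` uses an array index, which deserves a short comment if intentional. The start of the signature is outside the hunk.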