[lvc-project] [PATCH v2] usb: tegra-xudc: check ep and ep->desc before deref

[Alexey V. Vissarionov]

Good ${greeting_time}!

On 2025-04-16 10:13:05 -0400, Alan Stern wrote:


 >> +	/* trb_phys_to_virt() dereferences ep; check it here */
 >> +	if (!ep) {
 >> +		dev_err(xudc->dev, "unexpected NULL pointer: ep\n");
 >> +		return;
 >> +	}
 > Is this condition something that is totally under the kernel's
 > control? That is, is ep always passed in by a driver and there's
 > never a valid reason for it to be NULL?

IIUC, the endpoints are reported by the device. But the device
may be something like STM32 uC with malicious firmware.

 > Then there's really no need for this check. In real life it
 > will never trigger.

With real devices. But ready-to-use STM32F103C8T6 boards are sold
for only 10...15 CNY, so one would need only to write a firmware
and to flash it in the board using 20 CNY program-and-debug tool.

 > Of course, if it is reasonable for ep or ep->desc to sometimes
 > be NULL, then the checks should be made. But if that were true,
 > I don't know why you would call dev_err().

This was suggested by Jon Hunter on 16 Apr 2025 08:43:58 +0100 and
I've agreed that would be wise.


-- 
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net