Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 189279

Summary: [Stratus RHEL4 U4 bug] unchecked error path in usb_alloc_dev can lead to an Oops.
Product: Red Hat Enterprise Linux 4 Reporter: Kimball Murray <kimball.murray>
Component: kernelAssignee: Kimball Murray <kmurray>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: jbaron, zaitcev
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2006-0575 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-08-10 23:10:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 181409, 184261    
Attachments:
Description Flags
This patch has been tested and applies to 2.6.9-34.17
none
Alternative fix none

Description Kimball Murray 2006-04-18 19:08:35 UTC 
Description of problem:
usb_alloc_dev (drivers/usb/core/usb.c) calls dev->bus->op->allocate(...) without
checking the return value of that function.  That function seems to always point
to hcd_alloc_dev, which can fail for a variety of reasons, one if which is a low
memory condition.  But if that function does fail, udev->hcpriv will not have
been initialized, and we will Oops later on when that hcpriv field is dereferenced.

Version-Release number of selected component (if applicable):


How reproducible:
In our (Stratus) environment, we seem to step into this bug in almost 1 out of 3
times.

Steps to Reproduce:
Generally, we've been hitting this by calling pci_remove for the root hub while
nearly at the same time disconnecting/connecting a USB keyboard to the hub.
  
Actual results:
kernel Oops from hcd_endpoint_disable().

Expected results:
better USB error handling.

Additional info:
This code path is not present upstream, as most of USB is re-written.  However,
for the existing RHEL4 code, we have put together a patch to test for the error
case to avoid the Oops, and tested it with success.  The patch is attached here.
Comment 1 Kimball Murray 2006-04-18 19:08:35 UTC 
Created attachment 127941 [details]
This patch has been tested and applies to 2.6.9-34.17
Comment 3 Pete Zaitcev 2006-04-21 04:10:40 UTC 
Created attachment 128073 [details]
Alternative fix
Comment 5 Kimball Murray 2006-04-25 13:39:47 UTC 
Stratus has tested Pete's patch with positive results.
Comment 7 Jason Baron 2006-05-03 18:07:58 UTC 
committed in stream U4 build 35. A test kernel with this patch is available from
http://people.redhat.com/~jbaron/rhel4/
Comment 10 Red Hat Bugzilla 2006-08-10 23:10:04 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0575.html