Red Hat Bugzilla – Bug 189279
[Stratus RHEL4 U4 bug] unchecked error path in usb_alloc_dev can lead to an Oops.
Last modified: 2007-11-30 17:07:24 EST
Description of problem:
usb_alloc_dev (drivers/usb/core/usb.c) calls dev->bus->op->allocate(...) without
checking the return value of that function. That function seems to always point
to hcd_alloc_dev, which can fail for a variety of reasons, one if which is a low
memory condition. But if that function does fail, udev->hcpriv will not have
been initialized, and we will Oops later on when that hcpriv field is dereferenced.
Version-Release number of selected component (if applicable):
In our (Stratus) environment, we seem to step into this bug in almost 1 out of 3
Steps to Reproduce:
Generally, we've been hitting this by calling pci_remove for the root hub while
nearly at the same time disconnecting/connecting a USB keyboard to the hub.
kernel Oops from hcd_endpoint_disable().
better USB error handling.
This code path is not present upstream, as most of USB is re-written. However,
for the existing RHEL4 code, we have put together a patch to test for the error
case to avoid the Oops, and tested it with success. The patch is attached here.
Created attachment 127941 [details]
This patch has been tested and applies to 2.6.9-34.17
Created attachment 128073 [details]
Stratus has tested Pete's patch with positive results.
committed in stream U4 build 35. A test kernel with this patch is available from
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.