Bug 189279 - [Stratus RHEL4 U4 bug] unchecked error path in usb_alloc_dev can lead to an Oops.
Summary: [Stratus RHEL4 U4 bug] unchecked error path in usb_alloc_dev can lead to an O...
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
(Show other bugs)
Version: 4.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Kimball Murray
QA Contact: Brian Brock
Depends On:
Blocks: 181409 184261
TreeView+ depends on / blocked
Reported: 2006-04-18 19:08 UTC by Kimball Murray
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version: RHSA-2006-0575
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-10 23:10:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
This patch has been tested and applies to 2.6.9-34.17 (746 bytes, patch)
2006-04-18 19:08 UTC, Kimball Murray
no flags Details | Diff
Alternative fix (2.65 KB, patch)
2006-04-21 04:10 UTC, Pete Zaitcev
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0575 normal SHIPPED_LIVE Important: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 4 2006-08-10 04:00:00 UTC

Description Kimball Murray 2006-04-18 19:08:35 UTC
Description of problem:
usb_alloc_dev (drivers/usb/core/usb.c) calls dev->bus->op->allocate(...) without
checking the return value of that function.  That function seems to always point
to hcd_alloc_dev, which can fail for a variety of reasons, one if which is a low
memory condition.  But if that function does fail, udev->hcpriv will not have
been initialized, and we will Oops later on when that hcpriv field is dereferenced.

Version-Release number of selected component (if applicable):

How reproducible:
In our (Stratus) environment, we seem to step into this bug in almost 1 out of 3

Steps to Reproduce:
Generally, we've been hitting this by calling pci_remove for the root hub while
nearly at the same time disconnecting/connecting a USB keyboard to the hub.
Actual results:
kernel Oops from hcd_endpoint_disable().

Expected results:
better USB error handling.

Additional info:
This code path is not present upstream, as most of USB is re-written.  However,
for the existing RHEL4 code, we have put together a patch to test for the error
case to avoid the Oops, and tested it with success.  The patch is attached here.

Comment 1 Kimball Murray 2006-04-18 19:08:35 UTC
Created attachment 127941 [details]
This patch has been tested and applies to 2.6.9-34.17

Comment 3 Pete Zaitcev 2006-04-21 04:10:40 UTC
Created attachment 128073 [details]
Alternative fix

Comment 5 Kimball Murray 2006-04-25 13:39:47 UTC
Stratus has tested Pete's patch with positive results.

Comment 7 Jason Baron 2006-05-03 18:07:58 UTC
committed in stream U4 build 35. A test kernel with this patch is available from

Comment 10 Red Hat Bugzilla 2006-08-10 23:10:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.