[PATCH] USB: usbcore: usb_set_configuration oops (NULL ptr dereference)

When trying to deconfigure a device via usb_set_configuration(dev, 0),
2.6.16-rc kernels after 55c527187c9d78f840b284d596a0b298bc1493af oops
with "Unable to handle NULL pointer dereference at...". This is due to
an unchecked dereference of cp in the power budget part.

Signed-off-by: Horst Schirmeier <horst@schirmeier.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 2f6009b0cffc54c01b94839be60f769ed54f6e52..08fb20f06f3e9864971dee4243e4ed7b5fba4eae 100644 (file)
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -1388,11 +1388,13 @@ free_interfaces:
        if (dev->state != USB_STATE_ADDRESS)
                usb_disable_device (dev, 1);    // Skip ep0
 
-       i = dev->bus_mA - cp->desc.bMaxPower * 2;
-       if (i < 0)
-               dev_warn(&dev->dev, "new config #%d exceeds power "
-                               "limit by %dmA\n",
-                               configuration, -i);
+       if (cp) {
+               i = dev->bus_mA - cp->desc.bMaxPower * 2;
+               if (i < 0)
+                       dev_warn(&dev->dev, "new config #%d exceeds power "
+                                       "limit by %dmA\n",
+                                       configuration, -i);
+       }
 
        if ((ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
                        USB_REQ_SET_CONFIGURATION, 0, configuration, 0,