[src/trunk]: src/sys/dev/usb fix NULL pointer dereference on detaching:

[cegger <cegger%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/e42960c9130a
branches:  trunk
changeset: 757543:e42960c9130a
user:      cegger <cegger%NetBSD.org@localhost>
date:      Fri Sep 03 23:15:09 2010 +0000

description:
fix NULL pointer dereference on detaching:
Attach an USB device that looks like this:
ugen1 at uhub0 port 2
ugen1: detached
ugen1: at uhub0 port 2 (addr 3) disconnected


When unplugging the device:

usb_transfer_complete: xfer=0xffff80000832a800 not busy 0x00000055
usb_transfer_complete: bad dequeue 0xffff80000832a800 != 0x0

diffstat:

 sys/dev/usb/usbdi.c |  7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diffs (28 lines):

diff -r 5305b2918f2d -r e42960c9130a sys/dev/usb/usbdi.c
--- a/sys/dev/usb/usbdi.c       Fri Sep 03 19:20:37 2010 +0000
+++ b/sys/dev/usb/usbdi.c       Fri Sep 03 23:15:09 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: usbdi.c,v 1.127 2010/01/16 17:03:03 bouyer Exp $       */
+/*     $NetBSD: usbdi.c,v 1.128 2010/09/03 23:15:09 cegger Exp $       */
 /*     $FreeBSD: src/sys/dev/usb/usbdi.c,v 1.28 1999/11/17 22:33:49 n_hibma Exp $      */
 
 /*
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.127 2010/01/16 17:03:03 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usbdi.c,v 1.128 2010/09/03 23:15:09 cegger Exp $");
 
 #include "opt_compat_netbsd.h"
 
@@ -800,7 +800,8 @@
                               xfer, SIMPLEQ_FIRST(&pipe->queue));
                xfer->busy_free = XFER_BUSY;
 #endif
-               SIMPLEQ_REMOVE_HEAD(&pipe->queue, next);
+               if (SIMPLEQ_FIRST(&pipe->queue) != NULL)
+                       SIMPLEQ_REMOVE_HEAD(&pipe->queue, next);
        }
        DPRINTFN(5,("usb_transfer_complete: repeat=%d new head=%p\n",
                    repeat, SIMPLEQ_FIRST(&pipe->queue)));