From 4da04e3f04b8ea3aff613b136bd1dd29f7e25f13 Mon Sep 17 00:00:00 2001
From: Yonghua Huang <yonghua.huang@intel.com>
Date: Wed, 14 Jul 2021 10:19:25 +0800
Subject: [PATCH] DM: xHCI: Check trb pointer before use it

The trb pointer may be NULL when get the address from user space, add
the pointer check before use the trb.

Tracked-On: #6172
Signed-off-by: Liu Long <long.liu@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
---
 devicemodel/hw/pci/xhci.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/devicemodel/hw/pci/xhci.c b/devicemodel/hw/pci/xhci.c
index bfcc20f44..bafcbaada 100644
--- a/devicemodel/hw/pci/xhci.c
+++ b/devicemodel/hw/pci/xhci.c
@@ -2626,6 +2626,10 @@ pci_xhci_complete_commands(struct pci_xhci_vdev *xdev)
 	trb = xdev->opregs.cr_p;
 	ccs = xdev->opregs.crcr & XHCI_CRCR_LO_RCS;
 	crcr = xdev->opregs.crcr & ~0xF;
+	if (!trb) {
+		UPRINTF(LDBG, "Get the invalid guest address!\r\n");
+		goto out;
+	}
 
 	while (1) {
 		xdev->opregs.cr_p = trb;
@@ -2757,6 +2761,7 @@ pci_xhci_complete_commands(struct pci_xhci_vdev *xdev)
 		}
 	}
 
+out:
 	xdev->opregs.crcr = crcr | (xdev->opregs.crcr & XHCI_CRCR_LO_CA) | ccs;
 	xdev->opregs.crcr &= ~XHCI_CRCR_LO_CRR;
 	return error;