[PATCH] USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_configuration()

From: Roel Kluin
Date: Tue Feb 09 2010 - 07:53:22 EST


After the loop `for (i = 0; i < config->desc.bNumInterfaces; i++)' if no
break occurred, i equals config->desc.bNumInterfaces. So if
usb_control_msg() failed, then after goto reset_old_alts we read from
config->interface[config->desc.bNumInterfaces].

Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
---
diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 9bc95fe..00b49bc 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -1466,10 +1466,15 @@ int usb_reset_configuration(struct usb_device *dev)
retval = usb_hcd_alloc_bandwidth(dev, NULL,
intf->cur_altsetting, alt);
if (retval < 0)
- break;
+ /* If not, reinstate the old alternate settings */
+ goto reset_old_alts;
}
- /* If not, reinstate the old alternate settings */
+ retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
+ USB_REQ_SET_CONFIGURATION, 0,
+ config->desc.bConfigurationValue, 0,
+ NULL, 0, USB_CTRL_SET_TIMEOUT);
if (retval < 0) {
+ i--;
reset_old_alts:
for (; i >= 0; i--) {
struct usb_interface *intf = config->interface[i];
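Review bot: The `i--;` directly above the `reset_old_alts:` label needs a comment, because only the fall-through path (usb_control_msg() failed, so i equals config->desc.bNumInterfaces) should get the decrement, while the `goto reset_old_alts` from inside the loop must enter with i unchanged. A one-line comment saying that i is one past the last interface at that point would make the asymmetry clear to the next reader. Separately, the `if (retval < 0)` in the loop now has a comment line plus the `goto` as an unbraced body; please add braces so a later edit cannot detach the goto from the condition.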
@@ -1485,12 +1490,6 @@ reset_old_alts:
mutex_unlock(&hcd->bandwidth_mutex);
return retval;
}
- retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
- USB_REQ_SET_CONFIGURATION, 0,
- config->desc.bConfigurationValue, 0,
- NULL, 0, USB_CTRL_SET_TIMEOUT);
- if (retval < 0)
- goto reset_old_alts;
mutex_unlock(&hcd->bandwidth_mutex);

/* re-init hc/hcd interface/endpoint state */
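Review bot: Moving the usb_control_msg() call out of this spot is more code movement than the out-of-bounds index requires. Keeping the call here and changing the failure branch to `if (retval < 0) { i--; goto reset_old_alts; }` would correct the same read of config->interface[config->desc.bNumInterfaces] with a smaller diff and leave the existing error block untouched. If the relocation is preferred, the changelog should say why.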