[PATCH 3.12 038/103] USB: usb_wwan: fix handling of missing bulk endpoints

From: Jiri Slaby
Date: Thu May 29 2014 - 10:18:57 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH 3.14 000/140] 3.14.5-stable review"
Previous message: Jiri Slaby: "[PATCH 3.12 017/103] scsi: fix our current target reap infrastructure"
In reply to: Jiri Slaby: "[PATCH 3.12 017/103] scsi: fix our current target reap infrastructure"
Next in thread: Jiri Slaby: "[PATCH 3.12 040/103] usb: option driver, add support for Telit UE910v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Johan Hovold <jhovold@xxxxxxxxx>

3.12-stable review patch. If anyone has any objections, please let me know.

===============

commit bd73bd8831696f189a479a0712ae95208e513d7e upstream.

Fix regression introduced by commit 8e493ca1767d ("USB: usb_wwan: fix
bulk-urb allocation") by making sure to require both bulk-in and out
endpoints during port probe.

The original option driver (which usb_wwan is based on) was written
under the assumption that either endpoint could be missing, but
evidently this cannot have been tested properly. Specifically, it would
handle opening a device without bulk-in (but would blow up during resume
which was implemented later), but not a missing bulk-out in write()
(although it is handled in some places such as write_room()).

Fortunately (?), the driver also got the test for missing endpoints
wrong so the urbs were in fact always allocated, although they would be
initialised using the wrong endpoint address (0) and any submission of
such an urb would fail.

The commit mentioned above fixed the test for missing endpoints but
thereby exposed the other bugs which would now generate null-pointer
exceptions rather than failed urb submissions.

The regression was introduced in v3.7, but the offending commit was also
marked for stable.

Reported-by: RafaÅ MiÅecki <zajec5@xxxxxxxxx>
Signed-off-by: Johan Hovold <jhovold@xxxxxxxxx>
Tested-by: RafaÅ MiÅecki <zajec5@xxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
drivers/usb/serial/usb_wwan.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c
index 85365784040b..6fa78361be56 100644
--- a/drivers/usb/serial/usb_wwan.c
+++ b/drivers/usb/serial/usb_wwan.c
@@ -470,6 +470,9 @@ int usb_wwan_port_probe(struct usb_serial_port *port)
int err;
int i;

+ if (!port->bulk_in_size || !port->bulk_out_size)
+ return -ENODEV;
+
portdata = kzalloc(sizeof(*portdata), GFP_KERNEL);
if (!portdata)
return -ENOMEM;
@@ -477,9 +480,6 @@ int usb_wwan_port_probe(struct usb_serial_port *port)
init_usb_anchor(&portdata->delayed);

for (i = 0; i < N_IN_URB; i++) {
- if (!port->bulk_in_size)
- break;
-
buffer = (u8 *)__get_free_page(GFP_KERNEL);
if (!buffer)
goto bail_out_error;
@@ -493,9 +493,6 @@ int usb_wwan_port_probe(struct usb_serial_port *port)
}

for (i = 0; i < N_OUT_URB; i++) {
- if (!port->bulk_out_size)
- break;
-
buffer = kmalloc(OUT_BUFLEN, GFP_KERNEL);
if (!buffer)
goto bail_out_error2;
--
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "Re: [PATCH 3.14 000/140] 3.14.5-stable review"
Previous message: Jiri Slaby: "[PATCH 3.12 017/103] scsi: fix our current target reap infrastructure"
In reply to: Jiri Slaby: "[PATCH 3.12 017/103] scsi: fix our current target reap infrastructure"
Next in thread: Jiri Slaby: "[PATCH 3.12 040/103] usb: option driver, add support for Telit UE910v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]