[PATCH 3.16.y-ckt 005/129] USB: serial: visor: fix crash on detecting device without write_urbs
From: Luis Henriques
Date: Fri Feb 26 2016 - 06:10:44 EST
3.16.7-ckt25 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Vladis Dronov <vdronov@xxxxxxxxxx>
commit cb3232138e37129e88240a98a1d2aba2187ff57c upstream.
The visor driver crashes in clie_5_attach() when a specially crafted USB
device without bulk-out endpoint is detected. This fix adds a check that
the device has proper configuration expected by the driver.
Reported-by: Ralf Spenneberg <ralf@xxxxxxxxxxxxxx>
Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>
Fixes: cfb8da8f69b8 ("USB: visor: fix initialisation of UX50/TH55 devices")
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Cc: Moritz Muehlenhoff <jmm@xxxxxxxxxx>
Signed-off-by: Luis Henriques <luis.henriques@xxxxxxxxxxxxx>
---
drivers/usb/serial/visor.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c
index 60afb39eb73c..bbc90c059002 100644
--- a/drivers/usb/serial/visor.c
+++ b/drivers/usb/serial/visor.c
@@ -597,8 +597,10 @@ static int clie_5_attach(struct usb_serial *serial)
*/
/* some sanity check */
- if (serial->num_ports < 2)
- return -1;
+ if (serial->num_bulk_out < 2) {
+ dev_err(&serial->interface->dev, "missing bulk out endpoints\n");
+ return -ENODEV;
+ }
/* port 0 now uses the modified endpoint Address */
port = serial->port[0];