[PATCH 4.4 31/60] USB: serial: io_edgeport: fix epic-descriptor handling

From: Greg Kroah-Hartman
Date: Thu May 11 2017 - 10:26:20 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 34/60] USB: serial: ftdi_sio: fix latency-timer error handling"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 58/60] f2fs: sanity check segment count"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 58/60] f2fs: sanity check segment count"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 34/60] USB: serial: ftdi_sio: fix latency-timer error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Johan Hovold <johan@xxxxxxxxxx>

commit e4457d9798adb96272468e93da663de9bd0a4198 upstream.

Use a dedicated buffer for the DMA transfer and make sure to detect
short transfers to avoid parsing a corrupt descriptor.

Fixes: 6e8cf7751f9f ("USB: add EPIC support to the io_edgeport driver")
Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/usb/serial/io_edgeport.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)

--- a/drivers/usb/serial/io_edgeport.c
+++ b/drivers/usb/serial/io_edgeport.c
@@ -492,20 +492,24 @@ static int get_epic_descriptor(struct ed
int result;
struct usb_serial *serial = ep->serial;
struct edgeport_product_info *product_info = &ep->product_info;
- struct edge_compatibility_descriptor *epic = &ep->epic_descriptor;
+ struct edge_compatibility_descriptor *epic;
struct edge_compatibility_bits *bits;
struct device *dev = &serial->dev->dev;

ep->is_epic = 0;
+
+ epic = kmalloc(sizeof(*epic), GFP_KERNEL);
+ if (!epic)
+ return -ENOMEM;
+
result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0),
USB_REQUEST_ION_GET_EPIC_DESC,
0xC0, 0x00, 0x00,
- &ep->epic_descriptor,
- sizeof(struct edge_compatibility_descriptor),
+ epic, sizeof(*epic),
300);
-
- if (result > 0) {
+ if (result == sizeof(*epic)) {
ep->is_epic = 1;
+ memcpy(&ep->epic_descriptor, epic, sizeof(*epic));
memset(product_info, 0, sizeof(struct edgeport_product_info));

product_info->NumPorts = epic->NumPorts;
@@ -534,8 +538,16 @@ static int get_epic_descriptor(struct ed
dev_dbg(dev, " IOSPWriteLCR : %s\n", bits->IOSPWriteLCR ? "TRUE": "FALSE");
dev_dbg(dev, " IOSPSetBaudRate : %s\n", bits->IOSPSetBaudRate ? "TRUE": "FALSE");
dev_dbg(dev, " TrueEdgeport : %s\n", bits->TrueEdgeport ? "TRUE": "FALSE");
+
+ result = 0;
+ } else if (result >= 0) {
+ dev_warn(&serial->interface->dev, "short epic descriptor received: %d\n",
+ result);
+ result = -EIO;
}

+ kfree(epic);
+
return result;
}

@@ -2789,7 +2801,7 @@ static int edge_startup(struct usb_seria
dev_info(&serial->dev->dev, "%s detected\n", edge_serial->name);

/* Read the epic descriptor */
- if (get_epic_descriptor(edge_serial) <= 0) {
+ if (get_epic_descriptor(edge_serial) < 0) {
/* memcpy descriptor to Supports structures */
memcpy(&edge_serial->epic_descriptor.Supports, descriptor,
sizeof(struct edge_compatibility_bits));

Next message: Greg Kroah-Hartman: "[PATCH 4.4 34/60] USB: serial: ftdi_sio: fix latency-timer error handling"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 58/60] f2fs: sanity check segment count"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 58/60] f2fs: sanity check segment count"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 34/60] USB: serial: ftdi_sio: fix latency-timer error handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]