[PATCH 3.18 48/83] Input: xpad - fix oops when attaching an unknown Xbox One gamepad

From: Greg Kroah-Hartman
Date: Thu Nov 29 2018 - 09:15:13 EST

Next message: Greg Kroah-Hartman: "[PATCH 3.18 49/83] Input: xpad - power off wireless 360 controllers on suspend"
Previous message: Greg Kroah-Hartman: "[PATCH 3.18 47/83] Input: xpad - fix rumble on Xbox One controllers with 2015 firmware"
In reply to: Greg Kroah-Hartman: "[PATCH 3.18 47/83] Input: xpad - fix rumble on Xbox One controllers with 2015 firmware"
Next in thread: Greg Kroah-Hartman: "[PATCH 3.18 49/83] Input: xpad - power off wireless 360 controllers on suspend"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.18-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit c7f1429389ec1aa25e042bb13451385fbb596f8c ]

Xbox One controllers have multiple interfaces which all have the
same class, subclass, and protocol. One of the these interfaces
has only a single endpoint. When Xpad attempts to bind to this
interface, it causes an oops when trying initialize the output URB
by trying to access the second endpoint's descriptor.

This situation was avoided for known Xbox One devices by checking
the XTYPE constant associated with the VID and PID tuple. However,
this breaks when new or previously unknown Xbox One controllers
are attached to the system.

This change addresses the problem by deriving the XTYPE for Xbox
One controllers based on the interface protocol before checking
the interface number.

Fixes: 1a48ff81b391 ("Input: xpad - add support for Xbox One controllers")
Signed-off-by: Cameron Gutman <aicommander@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/input/joystick/xpad.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
index 6586d7ae0019..05a5c647ed36 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -1442,16 +1442,6 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id
break;
}

- if (xpad_device[i].xtype == XTYPE_XBOXONE &&
- intf->cur_altsetting->desc.bInterfaceNumber != 0) {
- /*
- * The Xbox One controller lists three interfaces all with the
- * same interface class, subclass and protocol. Differentiate by
- * interface number.
- */
- return -ENODEV;
- }
-
xpad = kzalloc(sizeof(struct usb_xpad), GFP_KERNEL);
if (!xpad)
return -ENOMEM;
@@ -1483,6 +1473,8 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id
if (intf->cur_altsetting->desc.bInterfaceClass == USB_CLASS_VENDOR_SPEC) {
if (intf->cur_altsetting->desc.bInterfaceProtocol == 129)
xpad->xtype = XTYPE_XBOX360W;
+ else if (intf->cur_altsetting->desc.bInterfaceProtocol == 208)
+ xpad->xtype = XTYPE_XBOXONE;
else
xpad->xtype = XTYPE_XBOX360;
} else {
@@ -1497,6 +1489,17 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id
xpad->mapping |= MAP_STICKS_TO_NULL;
}

+ if (xpad->xtype == XTYPE_XBOXONE &&
+ intf->cur_altsetting->desc.bInterfaceNumber != 0) {
+ /*
+ * The Xbox One controller lists three interfaces all with the
+ * same interface class, subclass and protocol. Differentiate by
+ * interface number.
+ */
+ error = -ENODEV;
+ goto err_free_in_urb;
+ }
+
error = xpad_init_output(intf, xpad);
if (error)
goto err_free_in_urb;
--
2.17.1

Next message: Greg Kroah-Hartman: "[PATCH 3.18 49/83] Input: xpad - power off wireless 360 controllers on suspend"
Previous message: Greg Kroah-Hartman: "[PATCH 3.18 47/83] Input: xpad - fix rumble on Xbox One controllers with 2015 firmware"
In reply to: Greg Kroah-Hartman: "[PATCH 3.18 47/83] Input: xpad - fix rumble on Xbox One controllers with 2015 firmware"
Next in thread: Greg Kroah-Hartman: "[PATCH 3.18 49/83] Input: xpad - power off wireless 360 controllers on suspend"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]