Re: [PATCH 1/2] usb: ehci: Prevent possible modulo by zero

From: Khalid Masum
Date: Wed Aug 24 2022 - 14:07:37 EST


> The usb_maxpacket() routine does a two-step computation. First, it
> looks up the endpoint number in the pipe to get a usb_host_endpoint
> pointer, and then it uses the pointer to get the maxpacket value.
> Coverity complained that the lookup in the first step can fail, and that
> is in fact true: If there is an interface or configuration change before
> usb_maxpacket() is called, the endpoint number table can change and the
> lookup may fail.
>
> But it turns out the first step isn't needed here at all, since the
> endpoint pointer is already stored in the URB (by the code in

That makes sense. Thanks for explaining.
> usb_submit_urb() that I pointed out earlier). So an appropriate way to
> fix the problem is to carry out just the second step:
>
> - maxpacket = usb_maxpacket(urb->dev, urb->pipe);
> + maxpacket = usb_endpoint_maxp(&urb->ep->desc);
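
Review bot: the `+` line dereferences urb->ep with no check, so it depends on the endpoint pointer having been stored in the URB by usb_submit_urb(), as the explanation above says; state that invariant in the commit message so the dropped lookup is not reintroduced later. Given the patch title, the changelog should also say why the value returned by usb_endpoint_maxp(&urb->ep->desc) cannot be zero where maxpacket is used as a divisor, or keep a zero check at that use.
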
>
> This holds for both of your patches.

Got you.
>
> Alan Stern

-- Khalid Masum