From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Mayank Rana <mrana@codeaurora.org>,
Jack Pham <jackp@codeaurora.org>,
Felipe Balbi <felipe.balbi@linux.intel.com>
Subject: [PATCH 4.4 19/22] usb: gadget: f_fs: Process all descriptors during bind
Date: Mon, 26 Feb 2018 21:16:19 +0100 [thread overview]
Message-ID: <20180226201559.576997613@linuxfoundation.org> (raw)
In-Reply-To: <20180226201558.681421374@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jack Pham <jackp@codeaurora.org>
commit 6cf439e0d37463e42784271179c8a308fd7493c6 upstream.
During _ffs_func_bind(), the received descriptors are evaluated
to prepare for binding with the gadget in order to allocate
endpoints and optionally set up OS descriptors. However, the
high- and super-speed descriptors are only parsed based on
whether the gadget_is_dualspeed() and gadget_is_superspeed()
calls are true, respectively.
This is a problem in case a userspace program always provides
all of the {full,high,super,OS} descriptors when configuring a
function. Then, for example if a gadget device is not capable
of SuperSpeed, the call to ffs_do_descs() for the SS descriptors
is skipped, resulting in an incorrect offset calculation for
the vla_ptr when moving on to the OS descriptors that follow.
This causes ffs_do_os_descs() to fail as it is now looking at
the SS descriptors' offset within the raw_descs buffer instead.
_ffs_func_bind() should evaluate the descriptors unconditionally,
so remove the checks for gadget speed.
Fixes: f0175ab51993 ("usb: gadget: f_fs: OS descriptors support")
Cc: stable@vger.kernel.org
Co-Developed-by: Mayank Rana <mrana@codeaurora.org>
Signed-off-by: Mayank Rana <mrana@codeaurora.org>
Signed-off-by: Jack Pham <jackp@codeaurora.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_fs.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -2756,10 +2756,8 @@ static int _ffs_func_bind(struct usb_con
struct ffs_data *ffs = func->ffs;
const int full = !!func->ffs->fs_descs_count;
- const int high = gadget_is_dualspeed(func->gadget) &&
- func->ffs->hs_descs_count;
- const int super = gadget_is_superspeed(func->gadget) &&
- func->ffs->ss_descs_count;
+ const int high = !!func->ffs->hs_descs_count;
+ const int super = !!func->ffs->ss_descs_count;
int fs_len, hs_len, ss_len, ret, i;
struct ffs_ep *eps_ptr;
next prev parent reply other threads:[~2018-02-26 20:16 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-26 20:16 [PATCH 4.4 00/22] 4.4.119-stable review Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 01/22] netfilter: drop outermost socket lock in getsockopt() Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 02/22] powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 03/22] PCI: keystone: Fix interrupt-controller-node lookup Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 04/22] ip_tunnel: replace dst_cache with generic implementation Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 05/22] ip_tunnel: fix preempt warning in ip tunnel creation/updating Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 06/22] xtensa: fix high memory/reserved memory collision Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 07/22] scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 08/22] cfg80211: fix cfg80211_beacon_dup Greg Kroah-Hartman
2018-02-26 20:16 ` Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 09/22] iio: buffer: check if a buffer has been set up when poll is called Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 10/22] iio: adis_lib: Initialize trigger before requesting interrupt Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 11/22] x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 12/22] irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 13/22] usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 14/22] arm64: Disable unhandled signal log messages by default Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 15/22] Add delay-init quirk for Corsair K70 RGB keyboards Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 16/22] drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 17/22] usb: dwc3: gadget: Set maxpacket size for ep0 IN Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 18/22] usb: ldusb: add PIDs for new CASSY devices supported by this driver Greg Kroah-Hartman
2018-02-26 20:16 ` Greg Kroah-Hartman [this message]
2018-02-26 20:16 ` [PATCH 4.4 20/22] usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 21/22] drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) Greg Kroah-Hartman
2018-02-26 20:16 ` [PATCH 4.4 22/22] binder: add missing binder_unlock() Greg Kroah-Hartman
2018-02-27 0:08 ` [PATCH 4.4 00/22] 4.4.119-stable review Nathan Chancellor
2018-02-27 13:10 ` Greg Kroah-Hartman
2018-02-27 0:56 ` Shuah Khan
2018-02-27 4:18 ` kernelci.org bot
2018-02-27 5:18 ` [PATCH 4.4 23/22?] hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) Mike Galbraith
2018-02-27 13:13 ` Greg Kroah-Hartman
2018-02-27 17:57 ` Mike Galbraith
2018-02-28 12:25 ` Greg Kroah-Hartman
2018-02-27 7:17 ` [PATCH 4.4 00/22] 4.4.119-stable review Naresh Kamboju
2018-02-27 10:56 ` Guenter Roeck
2018-02-27 18:33 ` Greg Kroah-Hartman
2018-02-27 14:55 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180226201559.576997613@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=felipe.balbi@linux.intel.com \
--cc=jackp@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mrana@codeaurora.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.