From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com>,
Malcolm Priestley <tvboxspy@gmail.com>,
Mauro Carvalho Chehab <mchehab@s-opensource.com>,
Ben Hutchings <ben.hutchings@codethink.co.uk>
Subject: [PATCH 4.9 12/88] media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
Date: Thu, 15 Feb 2018 16:16:39 +0100 [thread overview]
Message-ID: <20180215151224.402009234@linuxfoundation.org> (raw)
In-Reply-To: <20180215151222.437136975@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Malcolm Priestley <tvboxspy@gmail.com>
commit 3d932ee27e852e4904647f15b64dedca51187ad7 upstream.
Warm start has no check as whether a genuine device has
connected and proceeds to next execution path.
Check device should read 0x47 at offset of 2 on USB descriptor read
and it is the amount requested of 6 bytes.
Fix for
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access as
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/dvb-usb-v2/lmedm04.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
--- a/drivers/media/usb/dvb-usb-v2/lmedm04.c
+++ b/drivers/media/usb/dvb-usb-v2/lmedm04.c
@@ -504,18 +504,23 @@ static int lme2510_pid_filter(struct dvb
static int lme2510_return_status(struct dvb_usb_device *d)
{
- int ret = 0;
+ int ret;
u8 *data;
- data = kzalloc(10, GFP_KERNEL);
+ data = kzalloc(6, GFP_KERNEL);
if (!data)
return -ENOMEM;
- ret |= usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0),
- 0x06, 0x80, 0x0302, 0x00, data, 0x0006, 200);
- info("Firmware Status: %x (%x)", ret , data[2]);
+ ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0),
+ 0x06, 0x80, 0x0302, 0x00,
+ data, 0x6, 200);
+ if (ret != 6)
+ ret = -EINVAL;
+ else
+ ret = data[2];
+
+ info("Firmware Status: %6ph", data);
- ret = (ret < 0) ? -ENODEV : data[2];
kfree(data);
return ret;
}
@@ -1200,6 +1205,7 @@ static int lme2510_get_adapter_count(str
static int lme2510_identify_state(struct dvb_usb_device *d, const char **name)
{
struct lme2510_state *st = d->priv;
+ int status;
usb_reset_configuration(d->udev);
@@ -1208,12 +1214,16 @@ static int lme2510_identify_state(struct
st->dvb_usb_lme2510_firmware = dvb_usb_lme2510_firmware;
- if (lme2510_return_status(d) == 0x44) {
+ status = lme2510_return_status(d);
+ if (status == 0x44) {
*name = lme_firmware_switch(d, 0);
return COLD;
}
- return 0;
+ if (status != 0x47)
+ return -EINVAL;
+
+ return WARM;
}
static int lme2510_get_stream_config(struct dvb_frontend *fe, u8 *ts_type,
next prev parent reply other threads:[~2018-02-15 15:16 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-15 15:16 [PATCH 4.9 00/88] 4.9.82-stable review Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 01/88] powerpc/pseries: include linux/types.h in asm/hvcall.h Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 02/88] cifs: Fix missing put_xid in cifs_file_strict_mmap Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 03/88] cifs: Fix autonegotiate security settings mismatch Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 04/88] CIFS: zero sensitive data when freeing Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 05/88] dmaengine: dmatest: fix container_of member in dmatest_callback Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 06/88] kaiser: fix compile error without vsyscall Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 07/88] posix-timer: Properly check sigevent->sigev_notify Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 08/88] usb: gadget: uvc: Missing files for configfs interface Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 09/88] sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 10/88] sched/rt: Up the root domain ref count when passing it around via IPIs Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 11/88] dccp: CVE-2017-8824: use-after-free in DCCP code Greg Kroah-Hartman
2018-02-15 15:16 ` Greg Kroah-Hartman [this message]
2018-02-15 15:16 ` [PATCH 4.9 13/88] media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 14/88] media: hdpvr: Fix an error handling path in hdpvr_probe() Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 15/88] mtd: cfi: convert inline functions to macros Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 16/88] mtd: nand: brcmnand: Disable prefetch by default Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 17/88] mtd: nand: Fix nand_do_read_oob() return value Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 18/88] mtd: nand: sunxi: Fix ECC strength choice Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 19/88] ubi: fastmap: Erase outdated anchor PEBs during attach Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 20/88] ubi: block: Fix locking for idr_alloc/idr_remove Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 21/88] ubifs: Massage assert in ubifs_xattr_set() wrt. init_xattrs Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 22/88] nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 23/88] NFS: Add a cond_resched() to nfs_commit_release_pages() Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 24/88] NFS: commit direct writes even if they fail partially Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 25/88] NFS: reject request for id_legacy key without auxdata Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 26/88] NFS: Fix a race between mmap() and O_DIRECT Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 27/88] kernfs: fix regression in kernfs_fop_write caused by wrong type Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 28/88] ahci: Annotate PCI ids for mobile Intel chipsets as such Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 29/88] ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 30/88] ahci: Add Intel Cannon Lake PCH-H PCI ID Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 31/88] crypto: hash - introduce crypto_hash_alg_has_setkey() Greg Kroah-Hartman
2018-02-15 15:16 ` [PATCH 4.9 32/88] crypto: cryptd - pass through absence of ->setkey() Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 33/88] crypto: mcryptd " Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 34/88] crypto: poly1305 - remove ->setkey() method Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 35/88] nsfs: mark dentry with DCACHE_RCUACCESS Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 36/88] media: v4l2-ioctl.c: dont copy back the result for -ENOTTY Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 37/88] media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 38/88] media: v4l2-compat-ioctl32.c: fix the indentation Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 39/88] media: v4l2-compat-ioctl32.c: move helper functions to __get/put_v4l2_format32 Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 40/88] media: v4l2-compat-ioctl32.c: avoid sizeof(type) Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 41/88] media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 42/88] media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 43/88] media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 44/88] media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 45/88] media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 46/88] media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 47/88] media: v4l2-compat-ioctl32.c: dont copy back the result for certain errors Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 48/88] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 49/88] crypto: caam - fix endless loop when DECO acquire fails Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 50/88] crypto: sha512-mb - initialize pending lengths correctly Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 51/88] crypto: talitos - fix Kernel Oops on hashing an empty file Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 52/88] arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 53/88] KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 54/88] KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 55/88] ASoC: rockchip: i2s: fix playback after runtime resume Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 56/88] ASoC: skl: Fix kernel warning due to zero NHTL entry Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 57/88] watchdog: imx2_wdt: restore previous timeout after suspend+resume Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 58/88] media: dvb-frontends: fix i2c access helpers for KASAN Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 59/88] media: ts2020: avoid integer overflows on 32 bit machines Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 60/88] media: cxusb, dib0700: ignore XC2028_I2C_FLUSH Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 61/88] fs/proc/kcore.c: use probe_kernel_read() instead of memcpy() Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 62/88] kernel/async.c: revert "async: simplify lowest_in_progress()" Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 63/88] kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 64/88] pipe: actually allow root to exceed the pipe buffer limits Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 65/88] pipe: fix off-by-one error when checking " Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 66/88] HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 67/88] Bluetooth: btsdio: Do not bind to non-removable BCM43341 Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 68/88] Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 69/88] Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 70/88] signal/openrisc: Fix do_unaligned_access to send the proper signal Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 71/88] signal/sh: Ensure si_signo is initialized in do_divide_error Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 72/88] alpha: fix crash if pthread_create races with signal delivery Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 73/88] alpha: fix reboot on Avanti platform Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 74/88] alpha: fix formating of stack content Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 75/88] xtensa: fix futex_atomic_cmpxchg_inatomic Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 76/88] EDAC, octeon: Fix an uninitialized variable warning Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 77/88] pinctrl: intel: Initialize GPIO properly when used through irqchip Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 78/88] pktcdvd: Fix pkt_setup_dev() error path Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 79/88] clocksource/drivers/stm32: Fix kernel panic with multiple timers Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 80/88] lib/ubsan.c: s/missaligned/misaligned/ Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 81/88] lib/ubsan: add type mismatch handler for new GCC/Clang Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 82/88] btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 83/88] drm/i915: Avoid PPS HW/SW state mismatch due to rounding Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 84/88] ACPI: sbshc: remove raw pointer from printk() message Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 85/88] acpi, nfit: fix register dimm error handling Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 86/88] ovl: fix failure to fsync lower dir Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 87/88] mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy Greg Kroah-Hartman
2018-02-15 15:17 ` [PATCH 4.9 88/88] ftrace: Remove incorrect setting of glob search field Greg Kroah-Hartman
2018-02-15 22:01 ` [PATCH 4.9 00/88] 4.9.82-stable review Shuah Khan
2018-02-15 22:36 ` kernelci.org bot
2018-02-16 6:00 ` Naresh Kamboju
2018-02-16 14:19 ` Guenter Roeck
2018-02-16 19:21 ` Greg Kroah-Hartman
2018-02-16 19:54 ` Greg Kroah-Hartman
2018-02-16 20:25 ` Greg Kroah-Hartman
2018-02-16 20:39 ` Guenter Roeck
2018-02-16 20:44 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180215151224.402009234@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=andreyknvl@google.com \
--cc=ben.hutchings@codethink.co.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=mchehab@s-opensource.com \
--cc=stable@vger.kernel.org \
--cc=tvboxspy@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).