From: Greg KH <greg@kroah.com>
To: Johan Hovold <johan@kernel.org>
Cc: linux-usb@vger.kernel.org, stable <stable@vger.kernel.org>
Subject: Re: [PATCH 01/24] USB: serial: cyberjack: fix NULL-deref at open
Date: Tue, 3 Jan 2017 17:27:07 +0100 [thread overview]
Message-ID: <20170103162707.GA22451@kroah.com> (raw)
In-Reply-To: <20170103154003.31860-2-johan@kernel.org>
On Tue, Jan 03, 2017 at 04:39:40PM +0100, Johan Hovold wrote:
> Fix NULL-pointer dereference when clearing halt at open should the device
> lack a bulk-out endpoint.
>
> Unable to handle kernel NULL pointer dereference at virtual address 00000030
> ...
> PC is at cyberjack_open+0x40/0x9c [cyberjack]
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable <stable@vger.kernel.org>
> Signed-off-by: Johan Hovold <johan@kernel.org>
> ---
> drivers/usb/serial/cyberjack.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/drivers/usb/serial/cyberjack.c b/drivers/usb/serial/cyberjack.c
> index 5f17a3b9916d..80260b08398b 100644
> --- a/drivers/usb/serial/cyberjack.c
> +++ b/drivers/usb/serial/cyberjack.c
> @@ -50,6 +50,7 @@
> #define CYBERJACK_PRODUCT_ID 0x0100
>
> /* Function prototypes */
> +static int cyberjack_attach(struct usb_serial *serial);
> static int cyberjack_port_probe(struct usb_serial_port *port);
> static int cyberjack_port_remove(struct usb_serial_port *port);
> static int cyberjack_open(struct tty_struct *tty,
> @@ -77,6 +78,7 @@ static struct usb_serial_driver cyberjack_device = {
> .description = "Reiner SCT Cyberjack USB card reader",
> .id_table = id_table,
> .num_ports = 1,
> + .attach = cyberjack_attach,
> .port_probe = cyberjack_port_probe,
> .port_remove = cyberjack_port_remove,
> .open = cyberjack_open,
> @@ -100,6 +102,14 @@ struct cyberjack_private {
> short wrsent; /* Data already sent */
> };
>
> +static int cyberjack_attach(struct usb_serial *serial)
> +{
> + if (serial->num_bulk_out < serial->num_ports)
> + return -ENODEV;
> +
> + return 0;
> +}
You end up doing much the same thing for most of these drivers, is there
any way to do it in the usb-serial core instead?
I've been playing with an idea to have a USB driver specify the number
and types of endpoints it requires and have the core just not even call
the probe function if that doesn't match up. That should solve lots of
these issues, can't you do much the same type of thing here instead of
requiring a callback to do this?
Hm, but you want to match up the number of ports with the number of
bulk endpoint pairs. That's tricky...
Anyway, I guess this is ok, I just get worried when I see a bunch of the
same changes in a bunch of different drivers.
thanks,
greg k-h
next prev parent reply other threads:[~2017-01-03 16:27 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20170103154003.31860-1-johan@kernel.org>
2017-01-03 15:39 ` [PATCH 01/24] USB: serial: cyberjack: fix NULL-deref at open Johan Hovold
2017-01-03 16:27 ` Greg KH [this message]
2017-01-03 16:48 ` Johan Hovold
2017-01-03 16:55 ` Greg KH
2017-01-03 15:39 ` [PATCH 02/24] USB: serial: garmin_gps: fix memory leak on failed URB submit Johan Hovold
2017-01-03 15:39 ` [PATCH 03/24] USB: serial: io_edgeport: fix NULL-deref at open Johan Hovold
2017-01-03 15:39 ` [PATCH 04/24] USB: serial: io_ti: " Johan Hovold
2017-01-03 15:39 ` [PATCH 05/24] USB: serial: io_ti: fix another " Johan Hovold
2017-01-03 15:39 ` [PATCH 06/24] USB: serial: io_ti: fix I/O after disconnect Johan Hovold
2017-01-03 15:39 ` [PATCH 08/24] USB: serial: iuu_phoenix: fix NULL-deref at open Johan Hovold
2017-01-03 15:39 ` [PATCH 09/24] USB: serial: keyspan_pda: verify endpoints at probe Johan Hovold
2017-01-03 15:39 ` [PATCH 10/24] USB: serial: kobil_sct: fix NULL-deref in write Johan Hovold
2017-01-03 15:39 ` [PATCH 11/24] USB: serial: mos7720: fix NULL-deref at open Johan Hovold
2017-01-03 15:39 ` [PATCH 12/24] USB: serial: mos7720: fix use-after-free on probe errors Johan Hovold
2017-01-03 15:39 ` [PATCH 13/24] USB: serial: mos7720: fix parport " Johan Hovold
2017-01-03 15:39 ` [PATCH 14/24] USB: serial: mos7720: fix parallel probe Johan Hovold
2017-01-03 15:39 ` [PATCH 16/24] USB: serial: mos7840: fix NULL-deref at open Johan Hovold
2017-01-03 15:39 ` [PATCH 19/24] USB: serial: omninet: fix NULL-derefs at open and disconnect Johan Hovold
2017-01-03 15:39 ` [PATCH 20/24] USB: serial: oti6858: fix NULL-deref at open Johan Hovold
2017-01-03 15:40 ` [PATCH 21/24] USB: serial: pl2303: " Johan Hovold
2017-01-03 15:40 ` [PATCH 22/24] USB: serial: quatech2: fix sleep-while-atomic in close Johan Hovold
2017-01-03 15:40 ` [PATCH 23/24] USB: serial: spcp8x5: fix NULL-deref at open Johan Hovold
2017-01-03 15:40 ` [PATCH 24/24] USB: serial: ti_usb_3410_5052: " Johan Hovold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170103162707.GA22451@kroah.com \
--to=greg@kroah.com \
--cc=johan@kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).