Hi,
Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx> writes:
> USB interface drivers need to check number of endpoints before trying to
> access/use them. Quite a few drivers only use the default setting
> (altsetting 0), so let's allow them to declare number of endpoints in
> altsetting 0 they require to operate and have USB core check it for us
> instead of having every driver implement check manually.
>
> For compatibility, if driver does not specify number of endpoints (i.e.
> number of endpoints is left at 0) we bypass the check in USB core and
> expect the driver perform necessary checks on its own.
>
> Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
> ---
>
> Greg, if the patch is reasonable I wonder if I can take it through my
> tree, as I have a few drivers that do not check number of endpoints
> properly and will crash the kernel when specially crafted device is
> plugged in, as reported by Vladis Dronov.
>
> drivers/usb/core/driver.c | 9 +++++++++
> include/linux/usb.h | 7 +++++++
> 2 files changed, 16 insertions(+)
>
> diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
> index 6b5063e..d9f680d 100644
> --- a/drivers/usb/core/driver.c
> +++ b/drivers/usb/core/driver.c
> @@ -306,6 +306,15 @@ static int usb_probe_interface(struct device *dev)
>
> dev_dbg(dev, "%s - got id\n", __func__);
>
> + if (driver->num_endpoints &&
this part of the check is pointless, right ?
> + intf->altsetting[0].desc.bNumEndpoints < driver->num_endpoints) {
bNumEndpoints will never be less than 0 and if it is, we're gonna have
issues elsewhere anyway.
--
balbi
Attachment:
signature.asc
Description: PGP signature
