On Tue, Jan 12, 2016 at 10:16:35AM +0100, Vladis Dronov wrote: > The visor driver crashes in clie_5_attach() when a specially crafted USB > device without bulk-out endpoint is detected. This fix adds a check that > the device has proper configuration expected by the driver. Also error > message output is added to the one of the error paths. Thanks for the patch. > Reported-by: Ralf Spenneberg <ralf@xxxxxxxxxxxxxx> > Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx> > --- > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1296466 > patch-v2: codestyle fix > > drivers/usb/serial/visor.c | 15 +++++++++++++-- > 1 file changed, 13 insertions(+), 2 deletions(-) > > diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c > index 60afb39..6cb0e03 100644 > --- a/drivers/usb/serial/visor.c > +++ b/drivers/usb/serial/visor.c > @@ -584,6 +584,7 @@ static int treo_attach(struct usb_serial *serial) > > static int clie_5_attach(struct usb_serial *serial) > { > + struct device *dev = &serial->dev->dev; > struct usb_serial_port *port; > unsigned int pipe; > int j; > @@ -597,8 +598,11 @@ static int clie_5_attach(struct usb_serial *serial) > */ > > /* some sanity check */ > - if (serial->num_ports < 2) > + if (serial->num_ports < 2) { > + dev_err(dev, "%s: number of ports %d is less than 2\n", > + __func__, serial->num_ports); Skip __func__, and just use something like "missing endpoints\n". > return -1; > + } Ideally, this should have been done already at probe, but we already have some incomplete checks here that we should extend. Specifically, you should just verify that both ports have a bulk-out endpoint here, e.g.: if (serial->num_ports < 2 || !serial->port[0].bulk_out_size || !serial->port[1].bulk_out_size) return -ENODEV; Then core will make sure that the structures needed below are in place. Thanks, Johan -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
