On 18.02.2016 20:29, Alan Stern wrote:
On Thu, 18 Feb 2016, Mathias Nyman wrote:An endpoint descriptor may be followed by both SuperSpeed and SuperSpeedPlus Isoc endpoint companion descriptors. These descriptors are all stored one after another in a buffer. The new SuperSpeedPlus Isoc endpoint companion parsing incorrectly decreased the the remaining buffer size before comparing the size with the expected length of the descriptor. This lead to possible failure in reading the SuperSpeed endpoint companion descriptor of the last endpoint, displaying an message like: "No SuperSpeed endpoint companion for config 1 interface 0 altsetting 0 ep 129: using minimum values" Fix it by decreasing the size after comparing it. Signed-off-by: Mathias Nyman <mathias.nyman@xxxxxxxxxxxxxxx> --- drivers/usb/core/config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c index 5eb1a87..47fb58c 100644 --- a/drivers/usb/core/config.c +++ b/drivers/usb/core/config.c @@ -76,7 +76,6 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno, */ desc = (struct usb_ss_ep_comp_descriptor *) buffer; buffer += desc->bLength; - size -= desc->bLength; if (desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP || size < USB_DT_SS_EP_COMP_SIZE) { @@ -101,6 +100,7 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno, return; } + size -= desc->bLength; memcpy(&ep->ss_ep_comp, desc, USB_DT_SS_EP_COMP_SIZE); /* Check the various values */It's generally better to change the two variables (buffer and size) at the same time. At least, that's what people expect to see. How about moving both statements down? Also, wouldn't it be better in the original patch to call usb_parse_ssp_isoc_endpoint_companion() after all the SS endpoint companion stuff is finished, instead of in the middle?
I completely missed this mail (subject didn't contain "xhci". I need to fix my filters) All points are valid, I'll resend -Mathias -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
