On Wed, Aug 17, 2016 at 09:37:02AM +0300, Binyamin Sharet wrote:
> Hi
>
> On 08/16/2016 06:04 PM, Johan Hovold wrote:
> > On Tue, Aug 16, 2016 at 10:47:44AM -0400, Alan Stern wrote:
> >> On Tue, 16 Aug 2016, Binyamin Sharet wrote:
> >>
> >>> Kernel version: raspberrypi 4.4.6-v7+ #871
> >>> Driver source file: drivers/usb/serial/digi_acceleport.c
> >>> Umap2 command line: umap2vsscan -P <PHY> -s 05c5:0002
> >>>
> >>> After connecting such a device, NULL pointer dereference in the kernel.
> >>>
> >>> Binyamin Sharet
> >>> Cisco, STARE-C
> >>>
> >>> << Attached: 05c5_0002_dmesg.log >>
> >> This looks like a bug in the digi_acceleport driver. digi_startup()
> >> does this:
> >>
> >> serial_priv->ds_oob_port_num = serial->type->num_ports;
> >> serial_priv->ds_oob_port = serial->port[serial_priv->ds_oob_port_num];
> >>
> >> Even without knowing exactly what this is supposed to be doing, one
> >> gets the definite impression that the first line should be:
> >>
> >> serial_priv->ds_oob_port_num = serial->type->num_ports - 1;
> >>
> >> Johan?
> > The out-of-band port is not included in num_ports so that should not be
> > the issue here. The missing sanity checks for the endpoint layout were
> > only recently added by
> >
> > 5a07975ad0a3 ("USB: digi_acceleport: do sanity checking for the
> > number of ports")
> >
> > however, even if it has been included in 4.4-stable since 4.4.7.
> >
> > Binyamin, could you rerun your tests on the latest 4.4-stable kernel to
> > make sure you're not reporting already fixed issues?
>
> I have retested this issue with ubuntu 16.04, using kernel 4.7-rc2
> which is the version that I was asked to test with on another issue
> and it was not reproduced.

You should be testing with 4.8-rc2, which is the latest mainline kernel.
I mentioned latest 4.4-stable because I knew that the fix for this
particular issue had been in 4.4-stable since 4.4.7.

> In dmesg I see that OOB endpoint is missing, so I might need to
> modify the descriptors a bit and try again.

Great, thanks for confirming that this was likely an oops due to the
missing sanity checks in 4.4.6, which have since been fixed in mainline
as well as backported to the stable trees.

Just let us know if you find anything else using 4.8-rc2.

Thanks,
Johan
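
Added example, not part of the thread and not the kernel's or the commit's code: a simplified userspace C model of the lookup quoted from digi_startup() above, next to a version with the kind of port-count sanity check the thread describes. The structs, `ports_present`, `MAX_PORTS` and the function names are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PORTS 8                     /* model-only bound (assumption) */

struct port { int number; };            /* stand-in for struct usb_serial_port */

struct serial {                         /* stand-in for struct usb_serial */
    int type_num_ports;                 /* models serial->type->num_ports; OOB port not counted */
    int ports_present;                  /* hypothetical: ports the device's endpoints provided */
    struct port *port[MAX_PORTS];       /* slots past ports_present stay NULL */
};

struct priv { int oob_port_num; struct port *oob_port; };

/* Build a model device; 'store' must hold at least 'present' ports. */
static void make_serial(struct serial *s, struct port *store, int type_ports, int present)
{
    s->type_num_ports = type_ports;
    s->ports_present = present;
    for (int i = 0; i < MAX_PORTS; i++) {
        s->port[i] = NULL;
        if (i < present) { store[i].number = i; s->port[i] = &store[i]; }
    }
}

/* Lookup as quoted in the thread: assumes the OOB port exists. */
static int startup_unchecked(const struct serial *s, struct priv *p)
{
    p->oob_port_num = s->type_num_ports;
    p->oob_port = s->port[p->oob_port_num];  /* NULL when the OOB endpoints are missing */
    return 0;
}

/* Same lookup, refused unless num_ports + 1 ports are really there. */
static int startup_checked(const struct serial *s, struct priv *p)
{
    int needed = s->type_num_ports + 1;      /* data ports plus the OOB port */
    if (needed > MAX_PORTS || s->ports_present < needed)
        return -ENODEV;
    return startup_unchecked(s, p);
}

int main(void)
{
    struct port store[MAX_PORTS];
    struct serial dev;
    struct priv p;
    make_serial(&dev, store, 2, 2);          /* constructed: 2-port type, no OOB port */
    int rc = startup_unchecked(&dev, &p);
    printf("unchecked: rc=%d oob=%p\n", rc, (void *)p.oob_port);
    printf("checked:   rc=%d\n", startup_checked(&dev, &p));
    return 0;
}
```

In the model the unchecked path reports success while leaving a NULL OOB port for later code to dereference; the checked path fails the startup instead.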