On 08/17/2016 09:45 AM, Johan Hovold wrote:
> On Wed, Aug 17, 2016 at 09:37:02AM +0300, Binyamin Sharet wrote:
>> Hi
>>
>> On 08/16/2016 06:04 PM, Johan Hovold wrote:
>>> On Tue, Aug 16, 2016 at 10:47:44AM -0400, Alan Stern wrote:
>>>> On Tue, 16 Aug 2016, Binyamin Sharet wrote:
>>>>
>>>>> Kernel version: raspberrypi 4.4.6-v7+ #871
>>>>> Driver source file: drivers/usb/serial/digi_acceleport.c
>>>>> Umap2 command line: umap2vsscan -P <PHY> -s 05c5:0002
>>>>>
>>>>> After connecting such a device, NULL pointer dereference in the kernel.
>>>>>
>>>>> Binyamin Sharet
>>>>> Cisco, STARE-C
>>>>>
>>>>> << Attached: 05c5_0002_dmesg.log >>
>>>> This looks like a bug in the digi_acceleport driver. digi_startup()
>>>> does this:
>>>>
>>>>     serial_priv->ds_oob_port_num = serial->type->num_ports;
>>>>     serial_priv->ds_oob_port = serial->port[serial_priv->ds_oob_port_num];
>>>>
>>>> Even without knowing exactly what this is supposed to be doing, one
>>>> gets the definite impression that the first line should be:
>>>>
>>>>     serial_priv->ds_oob_port_num = serial->type->num_ports - 1;
>>>>
>>>> Johan?
>>> The out-of-band port is not included in num_ports so that should not be
>>> the issue here. The missing sanity checks for the endpoint layout were
>>> only recently added by
>>>
>>>     5a07975ad0a3 ("USB: digi_acceleport: do sanity checking for the
>>>     number of ports")
>>>
>>> however, even if it has been included in 4.4-stable since 4.4.7.
>>>
>>> Binyamin, could you rerun your tests on the latest 4.4-stable kernel to
>>> make sure you're not reporting already fixed issues?
>> I have retested this issue with ubuntu 16.04, using kernel 4.7-rc2
>> which is the version that I was asked to test with on another issue
>> and it was not reproduced.
> You should be testing with 4.8-rc2, which is the latest mainline kernel.
>
> I mentioned latest 4.4-stable because I knew that the fix for this
> particular issue had been in 4.4-stable since 4.4.7.
>
>> In dmesg I see that OOB endpoint is missing, so I might need to
>> modify the descriptors a bit and try again.
> Great, thanks for confirming that this was likely an oops due to the
> missing sanity checks in 4.4.6, which have since been fixed in mainline
> as well as backported to the stable trees.
>
> Just let us know if you find anything else using 4.8-rc2.
>
> Thanks,
> Johan
same result on 4.8-rc2

--
Binyamin Sharet, Cisco, STARE-C
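
The failure mode discussed in this thread, as an added user-space model that is not part of the original messages and is not the kernel driver's code: the out-of-band port sits at index num_ports, so a device that exposes too few endpoints leaves that slot empty unless the layout is checked first. The struct and function names, MAX_PORTS and the sample port counts are assumptions made for this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PORTS 8 /* assumed array size for this model */

/* Hypothetical user-space stand-ins for the driver structures. */
struct model_port { int id; };
struct model_serial {
	int type_num_ports;    /* data ports the driver type declares (OOB excluded) */
	int num_port_pointers; /* ports actually created from the device's endpoints */
	struct model_port *port[MAX_PORTS]; /* slots past num_port_pointers stay NULL */
};
struct model_priv { int oob_port_num; struct model_port *oob_port; };

/* Unchecked: mirrors the two assignments quoted in the thread. */
static void startup_unchecked(const struct model_serial *s, struct model_priv *p)
{
	p->oob_port_num = s->type_num_ports;
	p->oob_port = s->port[p->oob_port_num]; /* NULL when the OOB endpoints are absent */
}

/* Checked: refuse to bind unless the device provides num_ports + 1 ports. */
static int startup_checked(const struct model_serial *s, struct model_priv *p)
{
	if (s->type_num_ports + 1 > MAX_PORTS ||
	    s->num_port_pointers < s->type_num_ports + 1)
		return -ENODEV;
	startup_unchecked(s, p);
	return 0;
}

/* Constructed device: `found` ports exist for a type declaring `declared` data ports. */
static struct model_serial make_serial(int declared, int found, struct model_port *backing)
{
	struct model_serial s = { .type_num_ports = declared, .num_port_pointers = found };
	for (int i = 0; i < found && i < MAX_PORTS; i++) {
		backing[i].id = i;
		s.port[i] = &backing[i];
	}
	return s;
}

int main(void)
{
	struct model_port backing[MAX_PORTS];
	struct model_priv p = { 0 };
	struct model_serial bad = make_serial(4, 4, backing); /* constructed: OOB port absent */
	printf("checked startup on short layout: %d\n", startup_checked(&bad, &p));
	return 0;
}
```
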