On Fri, Jan 18, 2019 at 02:29:31PM -0700, Shuah Khan wrote:
> From: Shuah Khan <shuah@xxxxxxxxxx>
>
> Fix vhci_urb_enqueue() to print error and return error instead of
> failing with WARN_ON.
>
> Signed-off-by: Shuah Khan <shuah@xxxxxxxxxx>
> ---
> drivers/usb/usbip/vhci_hcd.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
> index 1e592ec94ba4..849ebfde87b5 100644
> --- a/drivers/usb/usbip/vhci_hcd.c
> +++ b/drivers/usb/usbip/vhci_hcd.c
> @@ -702,8 +702,10 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag
> }
> vdev = &vhci_hcd->vdev[portnum-1];
>
> - /* patch to usb_sg_init() is in 2.5.60 */
> - BUG_ON(!urb->transfer_buffer && urb->transfer_buffer_length);
> + if (!urb->transfer_buffer && urb->transfer_buffer_length) {
> + dev_err(dev, "Null URB transfer buffer\n");
> + return -EINVAL;
> + }
Could that BUG_ON be hit by userspace somehow? Or is this just an
internal check for the api usage?
And sending out a 0 buffer length might be a valid thing (or at least a
crazy attempt at something), so you might want to make that dev_dbg() in
case userspace could trigger this to keep the log spam down.
thanks,
greg k-h
