On Sat, May 22, 2021 at 01:24:54PM +0800, Hayes Wang wrote: > Verify some fields of the USB descriptor to make sure the driver > could be used by the device. > > Besides, remove the check of endpoint number in rtl8152_probe(). > It has been done in rtl_check_vendor_ok(). > > BugLink: https://syzkaller.appspot.com/bug?id=912c9c373656996801b4de61f1e3cb326fe940aa > Reported-by: syzbot+95afd23673f5dd295c57@xxxxxxxxxxxxxxxxxxxxxxxxx > Fixes: c2198943e33b ("r8152: search the configuration of vendor mode") > Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> > --- > v2: > Use usb_find_common_endpoints() and usb_endpoint_num() to replace original > code. Much better, just some tiny grammer changes below: > > remove the check of endpoint number in rtl8152_probe(). It has been done > in rtl_check_vendor_ok(). > > drivers/net/usb/r8152.c | 44 ++++++++++++++++++++++++++++++++++++----- > 1 file changed, 39 insertions(+), 5 deletions(-) > > diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c > index 136ea06540ff..6e5230d6c721 100644 > --- a/drivers/net/usb/r8152.c > +++ b/drivers/net/usb/r8152.c > @@ -8107,6 +8107,39 @@ static void r8156b_init(struct r8152 *tp) > tp->coalesce = 15000; /* 15 us */ > } > > +static bool rtl_check_vendor_ok(struct usb_interface *intf) > +{ > + struct usb_host_interface *alt = intf->cur_altsetting; > + struct usb_endpoint_descriptor *in, *out, *intr; > + > + if (alt->desc.bNumEndpoints < 3) { > + dev_err(&intf->dev, "Unexpected bNumEndpoints %d\n", alt->desc.bNumEndpoints); > + return false; > + } > + > + if (usb_find_common_endpoints(alt, &in, &out, &intr, NULL) < 0) { > + dev_err(&intf->dev, "Miss Endpoints\n"); "Miss" feels ackward, how about "Invalid number of endpoints"? > + return false; > + } > + > + if (usb_endpoint_num(in) != 1) { > + dev_err(&intf->dev, "Invalid Rx Endpoint\n"); "Invalid number of Rx endpoints" > + return false; > + } > + > + if (usb_endpoint_num(out) != 2) { > + dev_err(&intf->dev, "Invalid Tx Endpoint\n"); "Invalid number of RX endpoints" > + return false; > + } > + > + if (usb_endpoint_num(intr) != 3) { > + dev_err(&intf->dev, "Invalid interrupt Endpoint\n"); "Invalid number of interrupt endpoints" But really, this doesn't matter, all is good if you don't want to change this :) Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
