usb_maxpacket() looks up the endpoint number in the pipe which can fail
if the interface or configuration changes before the routine is called.
This is unexpected and may even cause a modulo by zero afterwards.
So use usb_endpoint_maxp() routine which uses the endpoint stored in URB
to get the maxpacket.
Addresses-Coverity: 744857 ("Division or modulo by zero")
Addresses-Coverity: 1487371 ("Division or modulo by zero")
Suggested-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Khalid Masum <khalid.masum.92@xxxxxxxxx>
---
Changes since v1:
- Update commit description
- Use usb_endpoint_maxp() instead of checking whether getting maxpacket
failed
- Link: https://lore.kernel.org/lkml/20220823182758.13401-1-khalid.masum.92@xxxxxxxxx/
drivers/usb/host/ehci-q.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/host/ehci-q.c b/drivers/usb/host/ehci-q.c
index 807e64991e3e..666f5c4db25a 100644
--- a/drivers/usb/host/ehci-q.c
+++ b/drivers/usb/host/ehci-q.c
@@ -645,7 +645,7 @@ qh_urb_transaction (
token |= (1 /* "in" */ << 8);
/* else it's already initted to "out" pid (0 << 8) */
- maxpacket = usb_maxpacket(urb->dev, urb->pipe);
+ maxpacket = usb_endpoint_maxp(&urb->ep->desc);
/*
* buffer gets wrapped in one or more qtds;
@@ -1218,7 +1218,7 @@ static int ehci_submit_single_step_set_feature(
token |= (1 /* "in" */ << 8); /*This is IN stage*/
- maxpacket = usb_maxpacket(urb->dev, urb->pipe);
+ maxpacket = usb_endpoint_maxp(&urb->ep->desc);
qtd_fill(ehci, qtd, buf, len, token, maxpacket);
--
2.37.1
