bInterval must be within the range 1 - 16, in order to catch drivers passing a too large bInterval (thus zeroing urb->interval), let's clamp() the argument to the allowed range. Signed-off-by: Felipe Balbi <balbi@xxxxxx> --- include/linux/usb.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/usb.h b/include/linux/usb.h index a232b7e..0883e3a 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h @@ -1545,6 +1545,10 @@ static inline void usb_fill_int_urb(struct urb *urb, urb->transfer_buffer_length = buffer_length; urb->complete = complete_fn; urb->context = context; + + /* make sure interval is within allowed range */ + interval = clamp(interval, 1, 16); + if (dev->speed == USB_SPEED_HIGH || dev->speed == USB_SPEED_SUPER) urb->interval = 1 << (interval - 1); else -- 1.8.2.1 -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
