bInterval must be within the range 1 - 16
when running at High/Super speed, and within
the range 1 - 255 when running at Full/Low speed.
In order to catch drivers passing a too
large bInterval on Super/High speed scenarios
(thus overflowing urb->interval), let's clamp()
the argument to the allowed ranges.
Signed-off-by: Felipe Balbi <balbi@xxxxxx>
---
include/linux/usb.h | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/linux/usb.h b/include/linux/usb.h
index a232b7e..0b19e4b 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
@@ -1545,10 +1545,16 @@ static inline void usb_fill_int_urb(struct urb *urb,
urb->transfer_buffer_length = buffer_length;
urb->complete = complete_fn;
urb->context = context;
- if (dev->speed == USB_SPEED_HIGH || dev->speed == USB_SPEED_SUPER)
+
+ if (dev->speed == USB_SPEED_HIGH || dev->speed == USB_SPEED_SUPER) {
+ /* make sure interval is within allowed range */
+ interval = clamp(interval, 1, 16);
+
urb->interval = 1 << (interval - 1);
- else
+ } else {
urb->interval = interval;
+ }
+
urb->start_frame = -1;
}
--
1.8.2.1
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
