On Thu, 23 Nov 2017, Oliver Neukum wrote: > USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints. > Improve sanity checking. > > Reported-by: andreyknvl@xxxxxxxxxx This should be Reported-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> > Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx> > CC: stable@xxxxxxxxxxxxxxx > --- > drivers/usb/core/devio.c | 16 ++++++++++------ > 1 file changed, 10 insertions(+), 6 deletions(-) > > diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c > index 705c573d0257..701ddada389a 100644 > --- a/drivers/usb/core/devio.c > +++ b/drivers/usb/core/devio.c > @@ -1442,14 +1442,18 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb > int number_of_packets = 0; > unsigned int stream_id = 0; > void *buf; > - > - if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP | > - USBDEVFS_URB_SHORT_NOT_OK | > + unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK | > USBDEVFS_URB_BULK_CONTINUATION | > USBDEVFS_URB_NO_FSBR | > - USBDEVFS_URB_ZERO_PACKET | > - USBDEVFS_URB_NO_INTERRUPT)) > - return -EINVAL; > + USBDEVFS_URB_ZERO_PACKET | Extra whitespace at end of line (doesn't checkpatch.pl catch this)? > + USBDEVFS_URB_NO_INTERRUPT; > + /* USBDEVFS_URB_ISO_ASAP is a special case */ > + if (uurb->type == USBDEVFS_URB_TYPE_ISO) > + mask |= USBDEVFS_URB_ISO_ASAP; > + > + if (uurb->flags & ~mask) > + return -EINVAL; > + > if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX) > return -EINVAL; > if (uurb->buffer_length > 0 && !uurb->buffer) Aside from these issues: Acked-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> Alan Stern