USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints. Improve sanity checking.
Signed-off-by: Oliver Neukum oneukum@suse.com --- drivers/usb/core/devio.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 705c573d0257..701ddada389a 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1442,14 +1442,18 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb int number_of_packets = 0; unsigned int stream_id = 0; void *buf; - - if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP | - USBDEVFS_URB_SHORT_NOT_OK | + unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK | USBDEVFS_URB_BULK_CONTINUATION | USBDEVFS_URB_NO_FSBR | - USBDEVFS_URB_ZERO_PACKET | - USBDEVFS_URB_NO_INTERRUPT)) - return -EINVAL; + USBDEVFS_URB_ZERO_PACKET | + USBDEVFS_URB_NO_INTERRUPT; + /* USBDEVFS_URB_ISO_ASAP is a special case */ + if (uurb->type == USBDEVFS_URB_TYPE_ISO) + mask |= USBDEVFS_URB_ISO_ASAP; + + if (uurb->flags & ~mask) + return -EINVAL; + if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX) return -EINVAL; if (uurb->buffer_length > 0 && !uurb->buffer)
On Thu, Nov 23, 2017 at 03:28:34PM +0100, Oliver Neukum wrote:
USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints. Improve sanity checking.
Signed-off-by: Oliver Neukum oneukum@suse.com
drivers/usb/core/devio.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-)
Didn't we do something like this already?
Or was it something else? Was this triggered by some testing?
thanks,
greg k-h
Am Donnerstag, den 23.11.2017, 15:57 +0100 schrieb Greg KH:
On Thu, Nov 23, 2017 at 03:28:34PM +0100, Oliver Neukum wrote:
USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints. Improve sanity checking.
Signed-off-by: Oliver Neukum oneukum@suse.com
drivers/usb/core/devio.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-)
Didn't we do something like this already?
I sent a patch. Alan found it insufficient.
Or was it something else? Was this triggered by some testing?
Alexey's syzkaller tests showed that you can trigger it.
Regards Oliver
On Thu, Nov 23, 2017 at 04:06:28PM +0100, Oliver Neukum wrote:
Am Donnerstag, den 23.11.2017, 15:57 +0100 schrieb Greg KH:
On Thu, Nov 23, 2017 at 03:28:34PM +0100, Oliver Neukum wrote:
USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints. Improve sanity checking.
Signed-off-by: Oliver Neukum oneukum@suse.com
drivers/usb/core/devio.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-)
Didn't we do something like this already?
I sent a patch. Alan found it insufficient.
Ah, ok.
Or was it something else? Was this triggered by some testing?
Alexey's syzkaller tests showed that you can trigger it.
Then a nice "Reported-by:" would be good to add, as would a stable tree inclusion, right?
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Oliver Neukum