iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3496810663
linux/drivers/usb
History
AMAN DEEP 3496810663 usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function 
virt_dev->num_cached_rings counts on freed ring and is not updated
correctly. In xhci_free_or_cache_endpoint_ring() function, the free ring
is added into cache and then num_rings_cache is incremented as below:
		virt_dev->ring_cache[rings_cached] =
			virt_dev->eps[ep_index].ring;
		virt_dev->num_rings_cached++;
here, free ring pointer is added to a current index and then
index is incremented.
So current index always points to empty location in the ring cache.
For getting available free ring, current index should be decremented
first and then corresponding ring buffer value should be taken from ring
cache.

But In function xhci_endpoint_init(), the num_rings_cached index is
accessed before decrement.
		virt_dev->eps[ep_index].new_ring =
			virt_dev->ring_cache[virt_dev->num_rings_cached];
		virt_dev->ring_cache[virt_dev->num_rings_cached] = NULL;
		virt_dev->num_rings_cached--;
This is bug in manipulating the index of ring cache.
And it should be as below:
		virt_dev->num_rings_cached--;
		virt_dev->eps[ep_index].new_ring =
			virt_dev->ring_cache[virt_dev->num_rings_cached];
		virt_dev->ring_cache[virt_dev->num_rings_cached] = NULL;

Cc: <stable@vger.kernel.org>
Signed-off-by: Aman Deep <aman.deep@samsung.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-07-22 14:19:36 -07:00
..
atm Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
c67x00 c67x00-hcd: use USB_DT_HUB 2015-04-03 19:03:16 +02:00
chipidea USB Chipidea update for v4.2-rc1 2015-06-10 18:18:10 -07:00
class cdc-acm: Add support of ATOL FPrint fiscal printers 2015-06-08 14:01:13 -07:00
common usb: ulpi: ulpi_init should be executed in subsys_initcall 2015-07-20 12:57:46 -05:00
core usb: patches for v4.2 merge window 2015-06-02 10:47:03 +09:00
dwc2 usb: dwc2: embed storage for reg backup in struct dwc2_hsotg 2015-07-06 12:34:08 -05:00
dwc3 usb: dwc3: Reset the transfer resource index on SET_INTERFACE 2015-07-22 08:52:42 -05:00
early
gadget usb: gadget: udc: core: Fix argument of dma_map_single for IOMMU 2015-07-20 12:57:46 -05:00
host usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function 2015-07-22 14:19:36 -07:00
image scsi: Do not set cmd_per_lun to 1 in the host template 2015-05-31 18:06:28 -07:00
isp1760 usb: isp1760: check for null return from kzalloc 2015-06-08 14:25:04 -07:00
misc USB patches for 4.2-rc1 2015-06-26 15:59:26 -07:00
mon USB: mon_stat.c: move assignment out of if () block 2015-05-10 16:01:11 +02:00
musb usb: musb: host: rely on port_mode to call musb_start() 2015-07-06 12:34:07 -05:00
phy usb: phy: mxs: suspend to RAM causes NULL pointer dereference 2015-07-06 12:34:08 -05:00
renesas_usbhs usb: patches for v4.2 merge window 2015-06-02 10:47:03 +09:00
serial USB: serial: Destroy serial_minors IDR on module exit 2015-07-09 10:41:23 +02:00
storage USB patches for 4.2-rc1 2015-06-26 15:59:26 -07:00
usbip usbip: vhci_hcd: use USB_DT_HUB 2015-04-03 19:03:15 +02:00
wusbcore wusbcore: rh: use USB_DT_HUB 2015-04-03 19:03:15 +02:00
Kconfig usb: isp1760: Move driver from drivers/usb/host/ to drivers/usb/isp1760/ 2015-01-27 09:39:38 -06:00
Makefile usb: load usb phy earlier 2015-03-18 17:25:16 +01:00
README
usb-skeleton.c

README 

To understand all the Linux-USB framework, you'll use these resources:

    * This source code.  This is necessarily an evolving work, and
      includes kerneldoc that should help you get a current overview.
      ("make pdfdocs", and then look at "usb.pdf" for host side and
      "gadget.pdf" for peripheral side.)  Also, Documentation/usb has
      more information.

    * The USB 2.0 specification (from www.usb.org), with supplements
      such as those for USB OTG and the various device classes.
      The USB specification has a good overview chapter, and USB
      peripherals conform to the widely known "Chapter 9".

    * Chip specifications for USB controllers.  Examples include
      host controllers (on PCs, servers, and more); peripheral
      controllers (in devices with Linux firmware, like printers or
      cell phones); and hard-wired peripherals like Ethernet adapters.

    * Specifications for other protocols implemented by USB peripheral
      functions.  Some are vendor-specific; others are vendor-neutral
      but just standardized outside of the www.usb.org team.

Here is a list of what each subdirectory here is, and what is contained in
them.

core/		- This is for the core USB host code, including the
		  usbfs files and the hub class driver ("hub_wq").

host/		- This is for USB host controller drivers.  This
		  includes UHCI, OHCI, EHCI, and others that might
		  be used with more specialized "embedded" systems.

gadget/		- This is for USB peripheral controller drivers and
		  the various gadget drivers which talk to them.


Individual USB driver directories.  A new driver should be added to the
first subdirectory in the list below that it fits into.

image/		- This is for still image drivers, like scanners or
		  digital cameras.
../input/	- This is for any driver that uses the input subsystem,
		  like keyboard, mice, touchscreens, tablets, etc.
../media/	- This is for multimedia drivers, like video cameras,
		  radios, and any other drivers that talk to the v4l
		  subsystem.
../net/		- This is for network drivers.
serial/		- This is for USB to serial drivers.
storage/	- This is for USB mass-storage drivers.
class/		- This is for all USB device drivers that do not fit
		  into any of the above categories, and work for a range
		  of USB Class specified devices. 
misc/		- This is for all USB device drivers that do not fit
		  into any of the above categories.