All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCHv2] USB: usbfs: Filter flags passed in from user space
@ 2017-11-23 15:39 Oliver Neukum
  2017-11-23 15:53 ` Alan Stern
  0 siblings, 1 reply; 3+ messages in thread
From: Oliver Neukum @ 2017-11-23 15:39 UTC (permalink / raw)
  To: gregKH, linux-usb; +Cc: Oliver Neukum, stable

USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints.
Improve sanity checking.

Reported-by: andreyknvl@google.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
CC: stable@vger.kernel.org
---
 drivers/usb/core/devio.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 705c573d0257..701ddada389a 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1442,14 +1442,18 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
 	int number_of_packets = 0;
 	unsigned int stream_id = 0;
 	void *buf;
-
-	if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP |
-				USBDEVFS_URB_SHORT_NOT_OK |
+	unsigned long mask =	USBDEVFS_URB_SHORT_NOT_OK |
 				USBDEVFS_URB_BULK_CONTINUATION |
 				USBDEVFS_URB_NO_FSBR |
-				USBDEVFS_URB_ZERO_PACKET |
-				USBDEVFS_URB_NO_INTERRUPT))
-		return -EINVAL;
+				USBDEVFS_URB_ZERO_PACKET | 
+				USBDEVFS_URB_NO_INTERRUPT;
+	/* USBDEVFS_URB_ISO_ASAP is a special case */
+	if (uurb->type == USBDEVFS_URB_TYPE_ISO)
+		mask |= USBDEVFS_URB_ISO_ASAP;
+
+	if (uurb->flags & ~mask)
+			return -EINVAL;
+
 	if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
 		return -EINVAL;
 	if (uurb->buffer_length > 0 && !uurb->buffer)
-- 
2.13.6

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCHv2] USB: usbfs: Filter flags passed in from user space
  2017-11-23 15:39 [PATCHv2] USB: usbfs: Filter flags passed in from user space Oliver Neukum
@ 2017-11-23 15:53 ` Alan Stern
  2017-11-28 14:02   ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Alan Stern @ 2017-11-23 15:53 UTC (permalink / raw)
  To: Oliver Neukum; +Cc: gregKH, linux-usb, stable

On Thu, 23 Nov 2017, Oliver Neukum wrote:

> USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints.
> Improve sanity checking.
> 
> Reported-by: andreyknvl@google.com

This should be

Reported-by: Andrey Konovalov <andreyknvl@google.com>

> Signed-off-by: Oliver Neukum <oneukum@suse.com>
> CC: stable@vger.kernel.org
> ---
>  drivers/usb/core/devio.c | 16 ++++++++++------
>  1 file changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> index 705c573d0257..701ddada389a 100644
> --- a/drivers/usb/core/devio.c
> +++ b/drivers/usb/core/devio.c
> @@ -1442,14 +1442,18 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
>  	int number_of_packets = 0;
>  	unsigned int stream_id = 0;
>  	void *buf;
> -
> -	if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP |
> -				USBDEVFS_URB_SHORT_NOT_OK |
> +	unsigned long mask =	USBDEVFS_URB_SHORT_NOT_OK |
>  				USBDEVFS_URB_BULK_CONTINUATION |
>  				USBDEVFS_URB_NO_FSBR |
> -				USBDEVFS_URB_ZERO_PACKET |
> -				USBDEVFS_URB_NO_INTERRUPT))
> -		return -EINVAL;
> +				USBDEVFS_URB_ZERO_PACKET | 

Extra whitespace at end of line (doesn't checkpatch.pl catch this)?

> +				USBDEVFS_URB_NO_INTERRUPT;
> +	/* USBDEVFS_URB_ISO_ASAP is a special case */
> +	if (uurb->type == USBDEVFS_URB_TYPE_ISO)
> +		mask |= USBDEVFS_URB_ISO_ASAP;
> +
> +	if (uurb->flags & ~mask)
> +			return -EINVAL;
> +
>  	if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
>  		return -EINVAL;
>  	if (uurb->buffer_length > 0 && !uurb->buffer)

Aside from these issues:

Acked-by: Alan Stern <stern@rowland.harvard.edu>

Alan Stern

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCHv2] USB: usbfs: Filter flags passed in from user space
  2017-11-23 15:53 ` Alan Stern
@ 2017-11-28 14:02   ` Greg KH
  0 siblings, 0 replies; 3+ messages in thread
From: Greg KH @ 2017-11-28 14:02 UTC (permalink / raw)
  To: Alan Stern; +Cc: Oliver Neukum, linux-usb, stable

On Thu, Nov 23, 2017 at 10:53:13AM -0500, Alan Stern wrote:
> On Thu, 23 Nov 2017, Oliver Neukum wrote:
> 
> > USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints.
> > Improve sanity checking.
> > 
> > Reported-by: andreyknvl@google.com
> 
> This should be
> 
> Reported-by: Andrey Konovalov <andreyknvl@google.com>
> 
> > Signed-off-by: Oliver Neukum <oneukum@suse.com>
> > CC: stable@vger.kernel.org
> > ---
> >  drivers/usb/core/devio.c | 16 ++++++++++------
> >  1 file changed, 10 insertions(+), 6 deletions(-)
> > 
> > diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> > index 705c573d0257..701ddada389a 100644
> > --- a/drivers/usb/core/devio.c
> > +++ b/drivers/usb/core/devio.c
> > @@ -1442,14 +1442,18 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
> >  	int number_of_packets = 0;
> >  	unsigned int stream_id = 0;
> >  	void *buf;
> > -
> > -	if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP |
> > -				USBDEVFS_URB_SHORT_NOT_OK |
> > +	unsigned long mask =	USBDEVFS_URB_SHORT_NOT_OK |
> >  				USBDEVFS_URB_BULK_CONTINUATION |
> >  				USBDEVFS_URB_NO_FSBR |
> > -				USBDEVFS_URB_ZERO_PACKET |
> > -				USBDEVFS_URB_NO_INTERRUPT))
> > -		return -EINVAL;
> > +				USBDEVFS_URB_ZERO_PACKET | 
> 
> Extra whitespace at end of line (doesn't checkpatch.pl catch this)?

I'll go edit it by hand...

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-11-28 14:02 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-23 15:39 [PATCHv2] USB: usbfs: Filter flags passed in from user space Oliver Neukum
2017-11-23 15:53 ` Alan Stern
2017-11-28 14:02   ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.