From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	Robert Dobrowolski <robert.dobrowolski@linux.intel.com>,
	Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 3.12 04/76] usb: hcd: out of bounds access in for_each_companion
Date: Thu, 19 May 2016 11:07:26 +0200
Message-ID: <bc1fdc2409b7ef531df59c5fdb615ca1191f584e.1463648873.git.jslaby@suse.cz>
In-Reply-To: <c4ec97c341630e22e546c1a628a3664f17f7ffc8.1463648873.git.jslaby@suse.cz>
In-Reply-To: <cover.1463648873.git.jslaby@suse.cz>

From: Robert Dobrowolski <robert.dobrowolski@linux.intel.com>

3.12-stable review patch.  If anyone has any objections, please let me know.

===============

commit e86103a75705c7c530768f4ffaba74cf382910f2 upstream.

On BXT platform Host Controller and Device Controller figure as
same PCI device but with different device function. HCD should
not pass data to Device Controller but only to Host Controllers.
Checking if companion device is Host Controller, otherwise skip.

Signed-off-by: Robert Dobrowolski <robert.dobrowolski@linux.intel.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/usb/core/hcd-pci.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/usb/core/hcd-pci.c b/drivers/usb/core/hcd-pci.c
index 04b21577e8ed..1778aeeb9e5c 100644
--- a/drivers/usb/core/hcd-pci.c
+++ b/drivers/usb/core/hcd-pci.c
@@ -74,6 +74,15 @@ static void for_each_companion(struct pci_dev *pdev, struct usb_hcd *hcd,
 		if (companion->bus != pdev->bus ||
 				PCI_SLOT(companion->devfn) != slot)
 			continue;
+
+		/*
+		 * Companion device should be either UHCI,OHCI or EHCI host
+		 * controller, otherwise skip.
+		 */
+		if (companion->class != CL_UHCI && companion->class != CL_OHCI &&
+				companion->class != CL_EHCI)
+			continue;
+
 		companion_hcd = pci_get_drvdata(companion);
 		if (!companion_hcd || !companion_hcd->self.root_hub)
 			continue;
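
Review bot: The comment above the new class check says what is skipped but not why, and the reason is the substance of the fix. Without the check, pci_get_drvdata(companion) on a function owned by a non-HCD driver (the Device Controller case from the commit message) returns that driver's private data, and the companion_hcd->self.root_hub test that follows reads it as a struct usb_hcd. The existing !companion_hcd test cannot catch a non-NULL pointer of the wrong type, so the comment should say that the class check is what guarantees the drvdata really is a usb_hcd. Two smaller points: the test compares the whole of companion->class for equality with CL_UHCI, CL_OHCI and CL_EHCI, whose definitions are outside this hunk, so it is worth confirming they hold the full class, subclass and programming-interface value rather than a shifted class code; and the comment is missing a space after the comma in "UHCI,OHCI".
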
-- 
2.8.2
