authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-04-29 17:42:18 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-04-29 17:42:18 +0200
commit4f5efdd3c8ea0888db32f21f3bde0d3c9a144dac (patch)
tree52c13c927a17f52d207295af8fc18fce15400e44
parentdb1c0ff8c49e70a2eb1d93f7b2f2dfca0a70eea0 (diff)
usb patch
-rw-r--r--series1
-rw-r--r--usb-serial-visor-handle-potential-invalid-device-configuration.patch113
2 files changed, 114 insertions, 0 deletions
diff --git a/series b/series
index 98706032ef92a2..6f437bdffc563e 100644
--- a/series
+++ b/series
@@ -1,5 +1,6 @@
#
+usb-serial-visor-handle-potential-invalid-device-configuration.patch
usb_DEVICE_ATTR.patch
diff --git a/usb-serial-visor-handle-potential-invalid-device-configuration.patch b/usb-serial-visor-handle-potential-invalid-device-configuration.patch
new file mode 100644
index 00000000000000..15f465118ab947
--- /dev/null
+++ b/usb-serial-visor-handle-potential-invalid-device-configuration.patch
@@ -0,0 +1,113 @@
+From foo@baz Sun Apr 29 17:37:43 CEST 2018
+Date: Sun, 29 Apr 2018 17:37:43 +0200
+To: Greg KH <gregkh@linuxfoundation.org>
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Subject: [PATCH] USB: serial: visor: handle potential invalid device configuration
+
+If we get an invalid device configuration from a palm 3 type device, we
+might incorrectly parse things, and we have the potential to crash in
+"interesting" ways.
+
+Fix this up by verifying the size of the configuration passed to us by
+the device, and only if it is correct, will we handle it.
+
+Reported-by: Andrey Konovalov <andreyknvl@google.com>
+Reviewed-by: Andrey Konovalov <andreyknvl@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+
+Here is my long-forgotten patch for the visor driver to resolve an issue
+that Andrey found back in September of 2017. Sorry for the long delay.
+
+Johan, I incorporated your review comments of my original one-off patch
+here as well.
+
+
+diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c
+index f5373ed2cd45..8ddbecc25d89 100644
+--- a/drivers/usb/serial/visor.c
++++ b/drivers/usb/serial/visor.c
+@@ -335,47 +335,48 @@ static int palm_os_3_probe(struct usb_serial *serial,
+ goto exit;
+ }
+
+- if (retval == sizeof(*connection_info)) {
+- connection_info = (struct visor_connection_info *)
+- transfer_buffer;
+-
+- num_ports = le16_to_cpu(connection_info->num_ports);
+- for (i = 0; i < num_ports; ++i) {
+- switch (
+- connection_info->connections[i].port_function_id) {
+- case VISOR_FUNCTION_GENERIC:
+- string = "Generic";
+- break;
+- case VISOR_FUNCTION_DEBUGGER:
+- string = "Debugger";
+- break;
+- case VISOR_FUNCTION_HOTSYNC:
+- string = "HotSync";
+- break;
+- case VISOR_FUNCTION_CONSOLE:
+- string = "Console";
+- break;
+- case VISOR_FUNCTION_REMOTE_FILE_SYS:
+- string = "Remote File System";
+- break;
+- default:
+- string = "unknown";
+- break;
+- }
+- dev_info(dev, "%s: port %d, is for %s use\n",
+- serial->type->description,
+- connection_info->connections[i].port, string);
+- }
++ if (retval != sizeof(*connection_info)) {
++ dev_err(dev, "Invalid connection information received from device\n");
++ retval = -ENODEV;
++ goto exit;
+ }
+- /*
+- * Handle devices that report invalid stuff here.
+- */
++
++ connection_info = (struct visor_connection_info *)transfer_buffer;
++
++ num_ports = le16_to_cpu(connection_info->num_ports);
++
++ /* Handle devices that report invalid stuff here. */
+ if (num_ports == 0 || num_ports > 2) {
+ dev_warn(dev, "%s: No valid connect info available\n",
+ serial->type->description);
+ num_ports = 2;
+ }
+
++ for (i = 0; i < num_ports; ++i) {
++ switch (connection_info->connections[i].port_function_id) {
++ case VISOR_FUNCTION_GENERIC:
++ string = "Generic";
++ break;
++ case VISOR_FUNCTION_DEBUGGER:
++ string = "Debugger";
++ break;
++ case VISOR_FUNCTION_HOTSYNC:
++ string = "HotSync";
++ break;
++ case VISOR_FUNCTION_CONSOLE:
++ string = "Console";
++ break;
++ case VISOR_FUNCTION_REMOTE_FILE_SYS:
++ string = "Remote File System";
++ break;
++ default:
++ string = "unknown";
++ break;
++ }
++ dev_info(dev, "%s: port %d, is for %s use\n",
++ serial->type->description,
++ connection_info->connections[i].port, string);
++ }
+ dev_info(dev, "%s: Number of ports: %d\n", serial->type->description,
+ num_ports);
+
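Review bot: The only thing keeping `connections[i]` in range in the relocated loop is the literal `2` in the `num_ports == 0 || num_ports > 2` check, and nothing in the hunk ties that literal to the array's declared size or records that the check has to stay ahead of the loop. Because `num_ports` is read from the device, I would write the limit as `num_ports > ARRAY_SIZE(connection_info->connections)` (assuming `connections` is a fixed-size array in `struct visor_connection_info`, which is declared outside this hunk) and extend the comment to `/* num_ports is device-supplied and indexes connections[] below; clamp it before the loop. */`. It is also worth confirming the behaviour change for short replies: they now fail the probe with `-ENODEV`, where the old code skipped the parsing and apparently continued with the two-port default, so a device that used to bind despite a short reply would no longer do so. `palm_os_3_probe()` starts and ends outside the hunk.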