3.16.60-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Shuah Khan <shua...@osg.samsung.com>
commit 5b22f676118ff25049382041da0db8012e57c9e8 upstream.
Validate !rhport < 0 before using it to access port_status array.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
[bwh: Backported to 3.16:
- Drop changes to the SetPortFeature
USB_PORT_FEAT_{SUSPEND,POWER,BH_PORT_RESET} cases
- Add the "error" label
- Adjust filename, context]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
--- a/drivers/staging/usbip/vhci_hcd.c
+++ b/drivers/staging/usbip/vhci_hcd.c
@@ -266,6 +266,8 @@ static int vhci_hub_control(struct usb_h
usbip_dbg_vhci_rh(" ClearHubFeature\n");
break;
case ClearPortFeature:
+ if (rhport < 0)
+ goto error;
switch (wValue) {
case USB_PORT_FEAT_SUSPEND:
if (dum->port_status[rhport] & USB_PORT_STAT_SUSPEND) {
@@ -370,6 +372,8 @@ static int vhci_hub_control(struct usb_h
case USB_PORT_FEAT_RESET:
usbip_dbg_vhci_rh(
" SetPortFeature: USB_PORT_FEAT_RESET\n");
+ if (rhport < 0)
+ goto error;
/* if it's already running, disconnect first */
if (dum->port_status[rhport] & USB_PORT_STAT_ENABLE) {
dum->port_status[rhport] &=
@@ -385,6 +389,8 @@ static int vhci_hub_control(struct usb_h
default:
usbip_dbg_vhci_rh(" SetPortFeature: default %d\n",
wValue);
+ if (rhport < 0)
+ goto error;
dum->port_status[rhport] |= (1 << wValue);
break;
}
@@ -392,7 +398,7 @@ static int vhci_hub_control(struct usb_h
default:
pr_err("default: no such request\n");
-
+error:
/* "protocol stall" on error */
retval = -EPIPE;
}
