On Tue, Aug 16, 2016 at 10:47:44AM -0400, Alan Stern wrote:
> On Tue, 16 Aug 2016, Binyamin Sharet wrote:
> 
> > Kernel version: raspberrypi 4.4.6-v7+ #871
> > Driver source file: drivers/usb/serial/digi_acceleport.c
> > Umap2 command line: umap2vsscan -P <PHY> -s 05c5:0002
> > 
> > After connecting such a device, NULL pointer dereference in the kernel.
> > 
> > Binyamin Sharet
> > Cisco, STARE-C
> > 
> > << Attached:  05c5_0002_dmesg.log >>
> 
> This looks like a bug in the digi_acceleport driver.  digi_startup() 
> does this:
> 
>       serial_priv->ds_oob_port_num = serial->type->num_ports;
>       serial_priv->ds_oob_port = serial->port[serial_priv->ds_oob_port_num];
> 
> Even without knowing exactly what this is supposed to be doing, one
> gets the definite impression that the first line should be:
> 
>       serial_priv->ds_oob_port_num = serial->type->num_ports - 1;
> 
> Johan?

The out-of-band port is not included in num_ports so that should not be
the issue here. The missing sanity checks for the endpoint layout were
only recently added by

        5a07975ad0a3 ("USB: digi_acceleport: do sanity checking for the
                      number of ports")

however, even if it has been included in 4.4-stable since 4.4.7.  

Binyamin, could you rerun your tests on the latest 4.4-stable kernel to
make sure you're not reporting already fixed issues?

Thanks,
Johan
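
A user-space model of the kind of endpoint-layout sanity check discussed in this thread, added here as an illustration; it is not the code from commit 5a07975ad0a3 or from the digi_acceleport driver. The names `model_serial`, `model_port`, `model_startup` and the port counts are assumptions made for the example.

```c
#include <stddef.h>
#include <errno.h>

#define MAX_PORT_POINTERS 8            /* constructed bound for this model */

struct model_port { int id; };

struct model_serial {                  /* hypothetical stand-in for the driver state */
    int type_num_ports;                /* data ports declared by the type; OOB port not counted */
    int num_port_pointers;             /* port slots actually set up from the device's endpoints */
    struct model_port *port[MAX_PORT_POINTERS];
};

/* Returns 0 and sets *oob, or -ENODEV when the device does not provide the OOB slot. */
int model_startup(const struct model_serial *s, struct model_port **oob)
{
    int oob_num = s->type_num_ports;   /* OOB port index follows the data ports */

    *oob = NULL;
    if (oob_num < 0 || oob_num >= MAX_PORT_POINTERS)
        return -ENODEV;
    if (s->num_port_pointers < s->type_num_ports + 1)
        return -ENODEV;                /* device exposed too few endpoints */
    if (s->port[oob_num] == NULL)
        return -ENODEV;                /* slot exists but was never populated */
    *oob = s->port[oob_num];
    return 0;
}

/* Constructed case: 4 data ports plus the OOB port, all present. */
int demo_well_formed(void)
{
    struct model_port p[5] = {{0}, {1}, {2}, {3}, {4}};
    struct model_serial s = { .type_num_ports = 4, .num_port_pointers = 5,
                              .port = { &p[0], &p[1], &p[2], &p[3], &p[4] } };
    struct model_port *oob;
    int ret = model_startup(&s, &oob);
    return ret ? ret : (oob == &p[4] ? 0 : -1);
}

/* Constructed case: the type expects 4 data ports, the device set up only one slot. */
int demo_missing_oob(void)
{
    struct model_port p0 = {0};
    struct model_serial s = { .type_num_ports = 4, .num_port_pointers = 1, .port = { &p0 } };
    struct model_port *oob;
    return model_startup(&s, &oob);
}
```

Without the count check, the second case would hand back a NULL out-of-band port pointer for later code to dereference.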