Re: [PATCH] USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_configuration()

From: Sarah Sharp
Date: Tue Feb 09 2010 - 17:52:58 EST


On Tue, Feb 09, 2010 at 11:01:24PM +0100, Roel Kluin wrote:
> After the loop `for (i = 0; i < config->desc.bNumInterfaces; i++)' if no
> break occurred, i equals config->desc.bNumInterfaces. So if
> usb_control_msg() failed then after goto reset_old_alts we read from
> config->interface[config->desc.bNumInterfaces].
>
> Reported-by: "Juha Leppanen" <juha_motorsportcom@xxxxxxxxxx>
> Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
> ---
>
> >> You correctly identified a problem, but your fix is wrong -- or at
> >> least, it is much too complicated. The proper fix goes like this:
> >
> > /* If not, reinstate the old alternate settings */
> > if (retval < 0) {
> > reset_old_alts:
> > - for (; i >= 0; i--) {
> > + for (i--; i >= 0; i--) {
> > struct usb_interface *intf = config->interface[i];
> > struct usb_host_interface *alt;
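Review bot: The `i--` initializer in `for (i--; i >= 0; i--)` relies on an undocumented invariant: on every path into reset_old_alts, both the goto and the fall-through from `if (retval < 0)`, i must be exactly one past the last interface that still needs its old alternate setting restored. A short comment above the loop stating that would keep a later change to either path from reintroducing the read past config->interface[]. The `i >= 0` termination also only works if i is a signed type, which is not visible in this hunk and is worth confirming.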
>
>
> Are you really sure this is better?

Yes.

> If usb_hcd_alloc_bandwidth() fails, in the loop _before_ the
> reset_old_alts label, don't we still have to reinstate the old
> alternate settings for that usb_interface config->interface[i]? This
> was what my initial patch tried to do.

No, you do not. Take a look at usb_hcd_alloc_bandwidth() in
drivers/usb/core/hcd.c. If an allocation fails for interface i when
the HCD's check_bandwidth() function is called, then
hcd->driver->reset_bandwidth is called. We only need to clean up the
interfaces that have successfully been allocated bandwidth (0 to i - 1).

> Alternatively usb_hcd_alloc_bandwidth() could undo what it does if an
> error occurs there, then I think i could be decremented.

Yes, that's what usb_hcd_alloc_bandwidth() does at the reset label.

Sarah
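
The off-by-one discussed in this thread, as an added example that is not part of the original message and is not kernel code: a user-space C model of the rollback loop with and without the `i--` initializer. `simulate_reset`, `NUM_INTF` and `struct rollback_result` are hypothetical names, and indices are only recorded, never dereferenced.

```c
/* Constructed model of the cleanup path; not taken from drivers/usb/core. */
#include <stdbool.h>

#define NUM_INTF 4   /* stands in for config->desc.bNumInterfaces */

struct rollback_result {
    int restored;        /* number of slots the rollback loop visited */
    int highest_index;   /* largest index it tried to touch, -1 if none */
    bool out_of_bounds;  /* true if it tried to touch index >= NUM_INTF */
};

/*
 * fail_at: index whose per-interface step fails (the goto path), or
 *          NUM_INTF to model the step after the loop failing (the
 *          usb_control_msg() fall-through path). -1 means no failure.
 * fixed:   apply the "for (i--; ...)" form instead of "for (; ...)".
 */
struct rollback_result simulate_reset(int fail_at, bool fixed)
{
    struct rollback_result r = { 0, -1, false };
    int i, retval = 0;

    for (i = 0; i < NUM_INTF; i++) {
        if (i == fail_at) {   /* this step failed and undid its own work */
            retval = -1;
            goto reset_old_alts;
        }
    }
    if (fail_at == NUM_INTF)  /* post-loop step failed; i == NUM_INTF here */
        retval = -1;

    if (retval < 0) {
reset_old_alts:
        if (fixed)
            i--;              /* skip the slot that was never set up */
        for (; i >= 0; i--) {
            if (i >= NUM_INTF)
                r.out_of_bounds = true;  /* would read interface[NUM_INTF] */
            if (i > r.highest_index)
                r.highest_index = i;
            r.restored++;
        }
    }
    return r;
}
```

With the unfixed loop, only the post-loop failure reaches index `NUM_INTF`; the fixed loop stays within 0 to i - 1 on both paths.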