1 From e4a3d94658b5760fc947d7f7185c57db47ca362a Mon Sep 17 00:00:00 2001
2 From: Roel Kluin <roel.kluin@gmail.com>
3 Date: Thu, 18 Feb 2010 02:36:23 +0100
4 Subject: USB: don't read past config->interface[] if usb_control_msg() fails in usb_reset_configuration()
5
6 From: Roel Kluin <roel.kluin@gmail.com>
7
8 commit e4a3d94658b5760fc947d7f7185c57db47ca362a upstream.
9
10 While looping over the interfaces, if usb_hcd_alloc_bandwidth() fails it calls
11 hcd->driver->reset_bandwidth(), so there was no need to reinstate the interface
12 again.
13
14 If no break occurred, the index equals config->desc.bNumInterfaces. A
15 subsequent usb_control_msg() failure resulted in a read from
16 config->interface[config->desc.bNumInterfaces] at label reset_old_alts.
17
18 In either case the last interface should be skipped.
19
20 Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
21 Acked-by: Alan Stern <stern@rowland.harvard.edu>
22 Acked-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
23 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
24
25 ---
26 drivers/usb/core/message.c | 2 +-
27 1 file changed, 1 insertion(+), 1 deletion(-)
28
29 --- a/drivers/usb/core/message.c
30 +++ b/drivers/usb/core/message.c
31 @@ -1471,7 +1471,7 @@ int usb_reset_configuration(struct usb_d
32 /* If not, reinstate the old alternate settings */
33 if (retval < 0) {
34 reset_old_alts:
35 - for (; i >= 0; i--) {
36 + for (i--; i >= 0; i--) {
37 struct usb_interface *intf = config->interface[i];
38 struct usb_host_interface *alt;
39
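Review bot: The `i--` in the new loop initialiser under `reset_old_alts:` is only correct because both ways of reaching the label leave `i` one past the last interface that was actually switched, and nothing in the code records that invariant. On the fall-through path `i` is the index whose usb_hcd_alloc_bandwidth() call failed, and per the commit message the goto path arrives with `i` equal to `config->desc.bNumInterfaces`. A comment above the loop, such as `/* i is one past the last interface switched, on both the break and the goto path */`, would help keep a later edit from reintroducing the out-of-bounds read of `config->interface[]`. The loop also depends on `i` being a signed type so that `i >= 0` can become false, and the declaration is not visible here. The body of usb_reset_configuration() starts and ends outside this hunk.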