--- /dev/null
+From 7c92e5fbf4dac0dd4dd41a0383adc54f16f403e2 Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <garsilva@embeddedor.com>
+Date: Thu, 9 Feb 2017 01:49:56 -0600
+Subject: drivers: usb: usbip: Add missing break statement to switch
+
+From: Gustavo A. R. Silva <garsilva@embeddedor.com>
+
+commit 7c92e5fbf4dac0dd4dd41a0383adc54f16f403e2 upstream.
+
+Add missing break statement to prevent the code for case
+USB_PORT_FEAT_C_RESET falling through to the default case.
+
+Addresses-Coverity-ID: 143155
+Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/usbip/vhci_hcd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/usbip/vhci_hcd.c
++++ b/drivers/usb/usbip/vhci_hcd.c
+@@ -303,6 +303,7 @@ static int vhci_hub_control(struct usb_h
+ default:
+ break;
+ }
++ break;
+ default:
+ usbip_dbg_vhci_rh(" ClearPortFeature: default %x\n",
+ wValue);
--- /dev/null
+From 10c90120930628e8b959bf58d4a0aaef3ae5d945 Mon Sep 17 00:00:00 2001
+From: Shuah Khan <shuah@kernel.org>
+Date: Fri, 15 Dec 2017 10:05:15 -0700
+Subject: usbip: stub_rx: fix static checker warning on unnecessary checks
+
+From: Shuah Khan <shuahkh@osg.samsung.com>
+
+commit 10c90120930628e8b959bf58d4a0aaef3ae5d945 upstream.
+
+Fix the following static checker warnings:
+
+The patch c6688ef9f297: "usbip: fix stub_rx: harden CMD_SUBMIT path
+to handle malicious input" from Dec 7, 2017, leads to the following
+static checker warning:
+
+ drivers/usb/usbip/stub_rx.c:346 get_pipe()
+ warn: impossible condition
+'(pdu->u.cmd_submit.transfer_buffer_length > ((~0 >> 1))) =>
+(s32min-s32max > s32max)'
+ drivers/usb/usbip/stub_rx.c:486 stub_recv_cmd_submit()
+ warn: always true condition
+'(pdu->u.cmd_submit.transfer_buffer_length <= ((~0 >> 1))) =>
+(s32min-s32max <= s32max)'
+
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c
+index 2f29be474098..6c5a59313999 100644
+--- a/drivers/usb/usbip/stub_rx.c
++++ b/drivers/usb/usbip/stub_rx.c
+@@ -339,14 +339,6 @@ static int get_pipe(struct stub_device *sdev, struct usbip_header *pdu)
+
+ epd = &ep->desc;
+
+- /* validate transfer_buffer_length */
+- if (pdu->u.cmd_submit.transfer_buffer_length > INT_MAX) {
+- dev_err(&sdev->udev->dev,
+- "CMD_SUBMIT: -EMSGSIZE transfer_buffer_length %d\n",
+- pdu->u.cmd_submit.transfer_buffer_length);
+- return -1;
+- }
+-
+ if (usb_endpoint_xfer_control(epd)) {
+ if (dir == USBIP_DIR_OUT)
+ return usb_sndctrlpipe(udev, epnum);
+@@ -479,8 +471,7 @@ static void stub_recv_cmd_submit(struct stub_device *sdev,
+ }
+
+ /* allocate urb transfer buffer, if needed */
+- if (pdu->u.cmd_submit.transfer_buffer_length > 0 &&
+- pdu->u.cmd_submit.transfer_buffer_length <= INT_MAX) {
++ if (pdu->u.cmd_submit.transfer_buffer_length > 0) {
+ priv->urb->transfer_buffer =
+ kzalloc(pdu->u.cmd_submit.transfer_buffer_length,
+ GFP_KERNEL);
projects / thirdparty / kernel / stable-queue.git / commitdiff
