redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/usb
History
Andrzej Pietrasiewicz a0456399fb usb: gadget: configfs: don't NUL-terminate (sub)compatible ids 
The "Extended Compat ID OS Feature Descriptor Specification" does not
require the (sub)compatible ids to be NUL-terminated, because they
are placed in a fixed-size buffer and only unused parts of it should
contain NULs. If the buffer is fully utilized, there is no place for NULs.

Consequently, the code which uses desc->ext_compat_id never expects the
data contained to be NUL terminated.

If the compatible id is stored after sub-compatible id, and the compatible
id is full length (8 bytes), the (useless) NUL terminator overwrites the
first byte of the sub-compatible id.

If the sub-compatible id is full length (8 bytes), the (useless) NUL
terminator ends up out of the buffer. The situation can happen in the RNDIS
function, where the buffer is a part of struct f_rndis_opts. The next
member of struct f_rndis_opts is a mutex, so its first byte gets
overwritten. The said byte is a part of a mutex'es member which contains
the information on whether the muext is locked or not. This can lead to a
deadlock, because, in a configfs-composed gadget when a function is linked
into a configuration with config_usb_cfg_link(), usb_get_function()
is called, which then calls rndis_alloc(), which tries locking the same
mutex and (wrongly) finds it already locked.

This patch eliminates NUL terminating of the (sub)compatible id.

Cc: <stable@vger.kernel.org> # v3.16+
Fixes: da4243145f: "usb: gadget: configfs: OS Extended Compatibility descriptors support"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2015-02-23 09:37:27 -06:00
..
atm
c67x00
chipidea usb: patches for v3.20 merge window 2015-02-04 11:03:20 -08:00
class cdc-acm: kill unnecessary messages 2015-01-31 08:58:39 -08:00
common
core USB patches for 3.20-rc1 2015-02-15 10:24:55 -08:00
dwc2 usb: patches for v3.20 merge window 2015-02-04 11:03:20 -08:00
dwc3 usb: dwc3: dwc3-omap: Fix disable IRQ 2015-02-23 09:36:34 -06:00
early
gadget usb: gadget: configfs: don't NUL-terminate (sub)compatible ids 2015-02-23 09:37:27 -06:00
host Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-02-17 17:41:19 -08:00
image USB: use %*ph specifier in mikrotek driver 2015-01-09 11:37:18 -08:00
isp1760 usb: isp1760: use msecs_to_jiffies for time conversion 2015-02-23 09:18:20 -06:00
misc USB: use %*ph specifier in uss720 driver 2015-01-09 11:37:18 -08:00
mon
musb usb: musb: Fix getting a generic phy for musb_dsps 2015-02-23 09:15:25 -06:00
phy Merge branch 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2015-02-19 10:36:45 -08:00
renesas_usbhs usb: renesas: fix extcon dependency 2015-02-23 09:14:33 -06:00
serial USB-serial fixes for v3.19-rc7 2015-01-30 17:38:43 -08:00
storage usb-storage/SCSI: blacklist FUA on JMicron 152d:2566 USB-SATA controller 2015-01-25 21:20:42 +08:00
usbip usbip: vhci_hcd: use HUB_CHAR_* 2015-01-25 21:02:33 +08:00
wusbcore USB patches for 3.20-rc1 2015-02-15 10:24:55 -08:00
Kconfig usb: isp1760: Move driver from drivers/usb/host/ to drivers/usb/isp1760/ 2015-01-27 09:39:38 -06:00
Makefile usb: isp1760: Move driver from drivers/usb/host/ to drivers/usb/isp1760/ 2015-01-27 09:39:38 -06:00
README
usb-skeleton.c

README 

To understand all the Linux-USB framework, you'll use these resources:

    * This source code.  This is necessarily an evolving work, and
      includes kerneldoc that should help you get a current overview.
      ("make pdfdocs", and then look at "usb.pdf" for host side and
      "gadget.pdf" for peripheral side.)  Also, Documentation/usb has
      more information.

    * The USB 2.0 specification (from www.usb.org), with supplements
      such as those for USB OTG and the various device classes.
      The USB specification has a good overview chapter, and USB
      peripherals conform to the widely known "Chapter 9".

    * Chip specifications for USB controllers.  Examples include
      host controllers (on PCs, servers, and more); peripheral
      controllers (in devices with Linux firmware, like printers or
      cell phones); and hard-wired peripherals like Ethernet adapters.

    * Specifications for other protocols implemented by USB peripheral
      functions.  Some are vendor-specific; others are vendor-neutral
      but just standardized outside of the www.usb.org team.

Here is a list of what each subdirectory here is, and what is contained in
them.

core/		- This is for the core USB host code, including the
		  usbfs files and the hub class driver ("hub_wq").

host/		- This is for USB host controller drivers.  This
		  includes UHCI, OHCI, EHCI, and others that might
		  be used with more specialized "embedded" systems.

gadget/		- This is for USB peripheral controller drivers and
		  the various gadget drivers which talk to them.


Individual USB driver directories.  A new driver should be added to the
first subdirectory in the list below that it fits into.

image/		- This is for still image drivers, like scanners or
		  digital cameras.
../input/	- This is for any driver that uses the input subsystem,
		  like keyboard, mice, touchscreens, tablets, etc.
../media/	- This is for multimedia drivers, like video cameras,
		  radios, and any other drivers that talk to the v4l
		  subsystem.
../net/		- This is for network drivers.
serial/		- This is for USB to serial drivers.
storage/	- This is for USB mass-storage drivers.
class/		- This is for all USB device drivers that do not fit
		  into any of the above categories, and work for a range
		  of USB Class specified devices. 
misc/		- This is for all USB device drivers that do not fit
		  into any of the above categories.