remarkable-linux/drivers/media/usb/pvrusb2
Andrey Konovalov 9bae74042e media: pvrusb2: properly check endpoint types
commit 72c27a68a2 upstream.

As syzkaller detected, pvrusb2 driver submits bulk urb without checking
that the endpoint type is actually bulk. Add a check.

usb 1-1: BOGUS urb xfer, pipe 3 != type 1
------------[ cut here ]------------
WARNING: CPU: 1 PID: 2713 at drivers/usb/core/urb.c:449 usb_submit_urb+0xf8a/0x11d0
Modules linked in:
CPU: 1 PID: 2713 Comm: pvrusb2-context Not tainted
4.14.0-rc1-42251-gebb2c2437d80 #210
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006b7a18c0 task.stack: ffff880069978000
RIP: 0010:usb_submit_urb+0xf8a/0x11d0 drivers/usb/core/urb.c:448
RSP: 0018:ffff88006997f990 EFLAGS: 00010286
RAX: 0000000000000029 RBX: ffff880063661900 RCX: 0000000000000000
RDX: 0000000000000029 RSI: ffffffff86876d60 RDI: ffffed000d32ff24
RBP: ffff88006997fa90 R08: 1ffff1000d32fdca R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1000d32ff39
R13: 0000000000000001 R14: 0000000000000003 R15: ffff880068bbed68
FS:  0000000000000000(0000) GS:ffff88006c600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001032000 CR3: 000000006a0ff000 CR4: 00000000000006f0
Call Trace:
 pvr2_send_request_ex+0xa57/0x1d80 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:3645
 pvr2_hdw_check_firmware drivers/media/usb/pvrusb2/pvrusb2-hdw.c:1812
 pvr2_hdw_setup_low drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2107
 pvr2_hdw_setup drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2250
 pvr2_hdw_initialize+0x548/0x3c10 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2327
 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:118
 pvr2_context_thread_func+0x361/0x8c0 drivers/media/usb/pvrusb2/pvrusb2-context.c:167
 kthread+0x3a1/0x470 kernel/kthread.c:231
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
Code: 48 8b 85 30 ff ff ff 48 8d b8 98 00 00 00 e8 ee 82 89 fe 45 89
e8 44 89 f1 4c 89 fa 48 89 c6 48 c7 c7 40 c0 ea 86 e8 30 1b dc fc <0f>
ff e9 9b f7 ff ff e8 aa 95 25 fd e9 80 f7 ff ff e8 50 74 f3
---[ end trace 6919030503719da6 ]---

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
2018-02-25 11:07:49 +01:00
..
Kconfig
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pvrusb2-audio.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-audio.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-context.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-context.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-cs53l32a.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-cs53l32a.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-ctrl.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-ctrl.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-cx2584x-v4l.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-cx2584x-v4l.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-debug.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-debugifc.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-debugifc.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-devattr.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-devattr.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-dvb.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-dvb.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pvrusb2-eeprom.c [media] tveeprom: get rid of unused arg on tveeprom_hauppauge_analog() 2017-03-03 07:35:02 -03:00
pvrusb2-eeprom.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-encoder.c media: pvrusb2: fix the retry logic 2017-07-20 16:25:41 -04:00
pvrusb2-encoder.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-fx2-cmd.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-hdw-internal.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-hdw.c media: pvrusb2: properly check endpoint types 2018-02-25 11:07:49 +01:00
pvrusb2-hdw.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-i2c-core.c media: usb: make i2c_adapter const 2017-08-26 08:41:58 -04:00
pvrusb2-i2c-core.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-io.c [media] pvrusb2-io: Add some spaces for better code readability 2017-01-31 08:05:45 -02:00
pvrusb2-io.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-ioread.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-ioread.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-main.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-std.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-std.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-sysfs.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-sysfs.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-util.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-v4l2.c media: usb: make video_device const 2017-08-27 08:45:32 -04:00
pvrusb2-v4l2.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-video-v4l.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-video-v4l.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-wm8775.c [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2-wm8775.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00
pvrusb2.h [media] media: Drop FSF's postal address from the source code files 2017-01-27 11:38:09 -02:00