tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'usb-4.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

I wrote:
"USB fixes for 4.19-final

Here are a small number of last-minute USB driver fixes

Included here are:
- spectre fix for usb storage gadgets
- xhci fixes
- cdc-acm fixes
- usbip fixes for reported problems

All of these have been in linux-next with no reported issues."

* tag 'usb-4.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
usb: gadget: storage: Fix Spectre v1 vulnerability
USB: fix the usbfs flag sanitization for control transfers
usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms
usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable
cdc-acm: correct counting of UART states in serial state notification
cdc-acm: do not reset notification buffer index upon urb unlinking
cdc-acm: fix race between reset and control messaging
usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
selftests: usbip: add wait after attach and before checking port status

Greg Kroah-Hartman c7b70a64 b2a205ff

+65 -27
+8 -8
drivers/usb/class/cdc-acm.c
··· 310 310 311 311 if (difference & ACM_CTRL_DSR) 312 312 acm->iocount.dsr++; 313 - if (difference & ACM_CTRL_BRK) 314 - acm->iocount.brk++; 315 - if (difference & ACM_CTRL_RI) 316 - acm->iocount.rng++; 317 313 if (difference & ACM_CTRL_DCD) 318 314 acm->iocount.dcd++; 319 - if (difference & ACM_CTRL_FRAMING) 315 + if (newctrl & ACM_CTRL_BRK) 316 + acm->iocount.brk++; 317 + if (newctrl & ACM_CTRL_RI) 318 + acm->iocount.rng++; 319 + if (newctrl & ACM_CTRL_FRAMING) 320 320 acm->iocount.frame++; 321 - if (difference & ACM_CTRL_PARITY) 321 + if (newctrl & ACM_CTRL_PARITY) 322 322 acm->iocount.parity++; 323 - if (difference & ACM_CTRL_OVERRUN) 323 + if (newctrl & ACM_CTRL_OVERRUN) 324 324 acm->iocount.overrun++; 325 325 spin_unlock_irqrestore(&acm->read_lock, flags); 326 326 ··· 355 355 case -ENOENT: 356 356 case -ESHUTDOWN: 357 357 /* this urb is terminated, clean up */ 358 - acm->nb_index = 0; 359 358 dev_dbg(&acm->control->dev, 360 359 "%s - urb shutting down with status: %d\n", 361 360 __func__, status); ··· 1641 1642 struct acm *acm = usb_get_intfdata(intf); 1642 1643 1643 1644 clear_bit(EVENT_RX_STALL, &acm->flags); 1645 + acm->nb_index = 0; /* pending control transfers are lost */ 1644 1646 1645 1647 return 0; 1646 1648 }
+2 -2
drivers/usb/core/devio.c
··· 1474 1474 u = 0; 1475 1475 switch (uurb->type) { 1476 1476 case USBDEVFS_URB_TYPE_CONTROL: 1477 - if (is_in) 1478 - allow_short = true; 1479 1477 if (!usb_endpoint_xfer_control(&ep->desc)) 1480 1478 return -EINVAL; 1481 1479 /* min 8 byte setup packet */ ··· 1503 1505 is_in = 0; 1504 1506 uurb->endpoint &= ~USB_DIR_IN; 1505 1507 } 1508 + if (is_in) 1509 + allow_short = true; 1506 1510 snoop(&ps->dev->dev, "control urb: bRequestType=%02x " 1507 1511 "bRequest=%02x wValue=%04x " 1508 1512 "wIndex=%04x wLength=%04x\n",
+3
drivers/usb/gadget/function/f_mass_storage.c
··· 221 221 #include <linux/usb/gadget.h> 222 222 #include <linux/usb/composite.h> 223 223 224 + #include <linux/nospec.h> 225 + 224 226 #include "configfs.h" 225 227 226 228 ··· 3154 3152 fsg_opts = to_fsg_opts(&group->cg_item); 3155 3153 if (num >= FSG_MAX_LUNS) 3156 3154 return ERR_PTR(-ERANGE); 3155 + num = array_index_nospec(num, FSG_MAX_LUNS); 3157 3156 3158 3157 mutex_lock(&fsg_opts->lock); 3159 3158 if (fsg_opts->refcnt || fsg_opts->common->luns[num]) {
+4 -2
drivers/usb/host/xhci-pci.c
··· 179 179 xhci->quirks |= XHCI_PME_STUCK_QUIRK; 180 180 } 181 181 if (pdev->vendor == PCI_VENDOR_ID_INTEL && 182 - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { 182 + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) 183 183 xhci->quirks |= XHCI_SSIC_PORT_UNUSED; 184 + if (pdev->vendor == PCI_VENDOR_ID_INTEL && 185 + (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || 186 + pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI)) 184 187 xhci->quirks |= XHCI_INTEL_USB_ROLE_SW; 185 - } 186 188 if (pdev->vendor == PCI_VENDOR_ID_INTEL && 187 189 (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || 188 190 pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI ||
+2
drivers/usb/roles/intel-xhci-usb-role-switch.c
··· 161 161 { 162 162 struct intel_xhci_usb_data *data = platform_get_drvdata(pdev); 163 163 164 + pm_runtime_disable(&pdev->dev); 165 + 164 166 usb_role_switch_unregister(data->role_sw); 165 167 return 0; 166 168 }
+42 -15
drivers/usb/usbip/vhci_hcd.c
··· 318 318 struct vhci_hcd *vhci_hcd; 319 319 struct vhci *vhci; 320 320 int retval = 0; 321 - int rhport; 321 + int rhport = -1; 322 322 unsigned long flags; 323 + bool invalid_rhport = false; 323 324 324 325 u32 prev_port_status[VHCI_HC_PORTS]; 325 326 ··· 335 334 usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, 336 335 wIndex); 337 336 338 - if (wIndex > VHCI_HC_PORTS) 339 - pr_err("invalid port number %d\n", wIndex); 340 - rhport = wIndex - 1; 337 + /* 338 + * wIndex can be 0 for some request types (typeReq). rhport is 339 + * in valid range when wIndex >= 1 and < VHCI_HC_PORTS. 340 + * 341 + * Reference port_status[] only with valid rhport when 342 + * invalid_rhport is false. 343 + */ 344 + if (wIndex < 1 || wIndex > VHCI_HC_PORTS) { 345 + invalid_rhport = true; 346 + if (wIndex > VHCI_HC_PORTS) 347 + pr_err("invalid port number %d\n", wIndex); 348 + } else 349 + rhport = wIndex - 1; 341 350 342 351 vhci_hcd = hcd_to_vhci_hcd(hcd); 343 352 vhci = vhci_hcd->vhci; ··· 356 345 357 346 /* store old status and compare now and old later */ 358 347 if (usbip_dbg_flag_vhci_rh) { 359 - memcpy(prev_port_status, vhci_hcd->port_status, 360 - sizeof(prev_port_status)); 348 + if (!invalid_rhport) 349 + memcpy(prev_port_status, vhci_hcd->port_status, 350 + sizeof(prev_port_status)); 361 351 } 362 352 363 353 switch (typeReq) { ··· 366 354 usbip_dbg_vhci_rh(" ClearHubFeature\n"); 367 355 break; 368 356 case ClearPortFeature: 369 - if (rhport < 0) 357 + if (invalid_rhport) { 358 + pr_err("invalid port number %d\n", wIndex); 370 359 goto error; 360 + } 371 361 switch (wValue) { 372 362 case USB_PORT_FEAT_SUSPEND: 373 363 if (hcd->speed == HCD_USB3) { ··· 429 415 break; 430 416 case GetPortStatus: 431 417 usbip_dbg_vhci_rh(" GetPortStatus port %x\n", wIndex); 432 - if (wIndex < 1) { 418 + if (invalid_rhport) { 433 419 pr_err("invalid port number %d\n", wIndex); 434 420 retval = -EPIPE; 421 + goto error; 435 422 } 436 423 437 424 /* we do not care about resume. */ ··· 528 513 goto error; 529 514 } 530 515 531 - if (rhport < 0) 516 + if (invalid_rhport) { 517 + pr_err("invalid port number %d\n", wIndex); 532 518 goto error; 519 + } 533 520 534 521 vhci_hcd->port_status[rhport] |= USB_PORT_STAT_SUSPEND; 535 522 break; 536 523 case USB_PORT_FEAT_POWER: 537 524 usbip_dbg_vhci_rh( 538 525 " SetPortFeature: USB_PORT_FEAT_POWER\n"); 539 - if (rhport < 0) 526 + if (invalid_rhport) { 527 + pr_err("invalid port number %d\n", wIndex); 540 528 goto error; 529 + } 541 530 if (hcd->speed == HCD_USB3) 542 531 vhci_hcd->port_status[rhport] |= USB_SS_PORT_STAT_POWER; 543 532 else ··· 550 531 case USB_PORT_FEAT_BH_PORT_RESET: 551 532 usbip_dbg_vhci_rh( 552 533 " SetPortFeature: USB_PORT_FEAT_BH_PORT_RESET\n"); 553 - if (rhport < 0) 534 + if (invalid_rhport) { 535 + pr_err("invalid port number %d\n", wIndex); 554 536 goto error; 537 + } 555 538 /* Applicable only for USB3.0 hub */ 556 539 if (hcd->speed != HCD_USB3) { 557 540 pr_err("USB_PORT_FEAT_BH_PORT_RESET req not " ··· 564 543 case USB_PORT_FEAT_RESET: 565 544 usbip_dbg_vhci_rh( 566 545 " SetPortFeature: USB_PORT_FEAT_RESET\n"); 567 - if (rhport < 0) 546 + if (invalid_rhport) { 547 + pr_err("invalid port number %d\n", wIndex); 568 548 goto error; 549 + } 569 550 /* if it's already enabled, disable */ 570 551 if (hcd->speed == HCD_USB3) { 571 552 vhci_hcd->port_status[rhport] = 0; ··· 588 565 default: 589 566 usbip_dbg_vhci_rh(" SetPortFeature: default %d\n", 590 567 wValue); 591 - if (rhport < 0) 568 + if (invalid_rhport) { 569 + pr_err("invalid port number %d\n", wIndex); 592 570 goto error; 571 + } 593 572 if (hcd->speed == HCD_USB3) { 594 573 if ((vhci_hcd->port_status[rhport] & 595 574 USB_SS_PORT_STAT_POWER) != 0) { ··· 633 608 if (usbip_dbg_flag_vhci_rh) { 634 609 pr_debug("port %d\n", rhport); 635 610 /* Only dump valid port status */ 636 - if (rhport >= 0) { 611 + if (!invalid_rhport) { 637 612 dump_port_status_diff(prev_port_status[rhport], 638 613 vhci_hcd->port_status[rhport], 639 614 hcd->speed == HCD_USB3); ··· 643 618 644 619 spin_unlock_irqrestore(&vhci->lock, flags); 645 620 646 - if ((vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) 621 + if (!invalid_rhport && 622 + (vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) { 647 623 usb_hcd_poll_rh_status(hcd); 624 + } 648 625 649 626 return retval; 650 627 }
+4
tools/testing/selftests/drivers/usb/usbip/usbip_test.sh
··· 141 141 src/usbip attach -r localhost -b $busid; 142 142 echo "==============================================================" 143 143 144 + # Wait for sysfs file to be updated. Without this sleep, usbip port 145 + # shows no imported devices. 146 + sleep 3; 147 + 144 148 echo "List imported devices - expect to see imported devices"; 145 149 src/usbip port; 146 150 echo "=============================================================="