kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/ath10k-fix-division-by-zero-in-send-path.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   7026dd90a690308a2cd0f351ec4d2e3b7e35a118
  2.   patches.suse
  3.   ath10k-fix-division-by-zero-in-send-path.patch
Blob History Raw
Oliver Neukum 995d86 
From a006acb931317aad3a8dd41333ebb0453caf49b8 Mon Sep 17 00:00:00 2001
Oliver Neukum 995d86 
From: Johan Hovold <johan@kernel.org>
Oliver Neukum 995d86 
Date: Wed, 27 Oct 2021 10:08:17 +0200
Oliver Neukum 995d86 
Subject: [PATCH] ath10k: fix division by zero in send path
Oliver Neukum 995d86 
Git-commit: a006acb931317aad3a8dd41333ebb0453caf49b8
Oliver Neukum 995d86 
References: git-fixes
Oliver Neukum 995d86 
Patch-mainline: v5.16-rc1
Oliver Neukum 995d86
Oliver Neukum 995d86 
Add the missing endpoint max-packet sanity check to probe() to avoid
Oliver Neukum 995d86 
division by zero in ath10k_usb_hif_tx_sg() in case a malicious device
Oliver Neukum 995d86 
has broken descriptors (or when doing descriptor fuzz testing).
Oliver Neukum 995d86
Oliver Neukum 995d86 
Note that USB core will reject URBs submitted for endpoints with zero
Oliver Neukum 995d86 
wMaxPacketSize but that drivers doing packet-size calculations still
Oliver Neukum 995d86 
need to handle this (cf. commit 2548288b4fb0 ("USB: Fix: Don't skip
Oliver Neukum 995d86 
endpoint descriptors with maxpacket=0")).
Oliver Neukum 995d86
Oliver Neukum 995d86 
Fixes: 4db66499df91 ("ath10k: add initial USB support")
Oliver Neukum 995d86 
Cc: stable@vger.kernel.org      # 4.14
Oliver Neukum 995d86 
Cc: Erik Stromdahl <erik.stromdahl@gmail.com>
Oliver Neukum 995d86 
Signed-off-by: Johan Hovold <johan@kernel.org>
Oliver Neukum 995d86 
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Oliver Neukum 995d86 
Link: https://lore.kernel.org/r/20211027080819.6675-2-johan@kernel.org
Oliver Neukum 995d86 
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Oliver Neukum 995d86 
---
Oliver Neukum 995d86 
 drivers/net/wireless/ath/ath10k/usb.c | 5 +++++
Oliver Neukum 995d86 
 1 file changed, 5 insertions(+)
Oliver Neukum 995d86
Oliver Neukum 995d86 
diff --git a/drivers/net/wireless/ath/ath10k/usb.c b/drivers/net/wireless/ath/ath10k/usb.c
Oliver Neukum 995d86 
index 6d831b098cbb..3d98f19c6ec8 100644
Oliver Neukum 995d86 
--- a/drivers/net/wireless/ath/ath10k/usb.c
Oliver Neukum 995d86 
+++ b/drivers/net/wireless/ath/ath10k/usb.c
Oliver Neukum 995d86 
@@ -853,6 +853,11 @@ static int ath10k_usb_setup_pipe_resources(struct ath10k *ar,
Oliver Neukum 995d86 
 				   le16_to_cpu(endpoint->wMaxPacketSize),
Oliver Neukum 995d86 
 				   endpoint->bInterval);
Oliver Neukum 995d86 
 		}
Oliver Neukum 995d86 
+
Oliver Neukum 995d86 
+		/* Ignore broken descriptors. */
Oliver Neukum 995d86 
+		if (usb_endpoint_maxp(endpoint) == 0)
Oliver Neukum 995d86 
+			continue;
Oliver Neukum 995d86 
+
Oliver Neukum 995d86 
 		urbcount = 0;
Oliver Neukum 995d86
Oliver Neukum 995d86 
 		pipe_num =
Oliver Neukum 995d86 
--
Oliver Neukum 995d86 
2.40.0
Oliver Neukum 995d86
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.