| Message ID | 20220209025234.25230-1-xy521521@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 243a1dd7ba48c120986dd9e66fee74bcb7751034 |
| Headers | show |
| Series | [-next,v2] xhci: fix two places when dealing with return value of function xhci_check_args | expand |
On 9.2.2022 4.52, Hongyu Xie wrote: > From: Hongyu Xie <xiehongyu1@kylinos.cn> > > xhci_check_args returns 4 types of value, -ENODEV, -EINVAL, 1 and 0. > xhci_urb_enqueue and xhci_check_streams_endpoint return -EINVAL if > the return value of xhci_check_args <= 0. > This will cause a problem. > For example, r8152_submit_rx calling usb_submit_urb in > drivers/net/usb/r8152.c. > r8152_submit_rx will never get -ENODEV after submiting an urb > when xHC is halted, > because xhci_urb_enqueue returns -EINVAL in the very beginning. > > Fixes: 203a86613fb3 ("xhci: Avoid NULL pointer deref when host dies.") > Cc: stable@vger.kernel.org > Signed-off-by: Hongyu Xie <xiehongyu1@kylinos.cn> > --- Thanks, added to queue. Changed the commit message and header a bit: "xhci: Prevent futile URB re-submissions due to incorrect return value. The -ENODEV return value from xhci_check_args() is incorrectly changed to -EINVAL in a couple places before propagated further. xhci_check_args() returns 4 types of value, -ENODEV, -EINVAL, 1 and 0. xhci_urb_enqueue and xhci_check_streams_endpoint return -EINVAL if the return value of xhci_check_args <= 0. This causes problems for example r8152_submit_rx, calling usb_submit_urb in drivers/net/usb/r8152.c. r8152_submit_rx will never get -ENODEV after submiting an urb when xHC is halted because xhci_urb_enqueue returns -EINVAL in the very beginning." Let me know if you disagree with this. Thanks -Mathias
Hi, On 2022/2/9 17:29, Mathias Nyman wrote: > On 9.2.2022 4.52, Hongyu Xie wrote: >> From: Hongyu Xie <xiehongyu1@kylinos.cn> >> >> xhci_check_args returns 4 types of value, -ENODEV, -EINVAL, 1 and 0. >> xhci_urb_enqueue and xhci_check_streams_endpoint return -EINVAL if >> the return value of xhci_check_args <= 0. >> This will cause a problem. >> For example, r8152_submit_rx calling usb_submit_urb in >> drivers/net/usb/r8152.c. >> r8152_submit_rx will never get -ENODEV after submiting an urb >> when xHC is halted, >> because xhci_urb_enqueue returns -EINVAL in the very beginning. >> >> Fixes: 203a86613fb3 ("xhci: Avoid NULL pointer deref when host dies.") >> Cc: stable@vger.kernel.org >> Signed-off-by: Hongyu Xie <xiehongyu1@kylinos.cn> >> --- > Thanks, added to queue. > Changed the commit message and header a bit: > > "xhci: Prevent futile URB re-submissions due to incorrect return value. > > The -ENODEV return value from xhci_check_args() is incorrectly changed > to -EINVAL in a couple places before propagated further. > > xhci_check_args() returns 4 types of value, -ENODEV, -EINVAL, 1 and 0. > xhci_urb_enqueue and xhci_check_streams_endpoint return -EINVAL if > the return value of xhci_check_args <= 0. > This causes problems for example r8152_submit_rx, calling usb_submit_urb > in drivers/net/usb/r8152.c. > r8152_submit_rx will never get -ENODEV after submiting an urb when xHC > is halted because xhci_urb_enqueue returns -EINVAL in the very beginning." > > Let me know if you disagree with this. > > Thanks > -Mathias Sounds good to me. Do I have to send another patch with commit message and header changed? Thanks Hongyu Xie
On 10.2.2022 3.04, 谢泓宇 wrote: > Hi, > > On 2022/2/9 17:29, Mathias Nyman wrote: >> On 9.2.2022 4.52, Hongyu Xie wrote: >>> From: Hongyu Xie <xiehongyu1@kylinos.cn> >>> >>> xhci_check_args returns 4 types of value, -ENODEV, -EINVAL, 1 and 0. >>> xhci_urb_enqueue and xhci_check_streams_endpoint return -EINVAL if >>> the return value of xhci_check_args <= 0. >>> This will cause a problem. >>> For example, r8152_submit_rx calling usb_submit_urb in >>> drivers/net/usb/r8152.c. >>> r8152_submit_rx will never get -ENODEV after submiting an urb >>> when xHC is halted, >>> because xhci_urb_enqueue returns -EINVAL in the very beginning. >>> >>> Fixes: 203a86613fb3 ("xhci: Avoid NULL pointer deref when host dies.") >>> Cc: stable@vger.kernel.org >>> Signed-off-by: Hongyu Xie <xiehongyu1@kylinos.cn> >>> --- >> Thanks, added to queue. >> Changed the commit message and header a bit: >> >> "xhci: Prevent futile URB re-submissions due to incorrect return value. >> The -ENODEV return value from xhci_check_args() is incorrectly changed >> to -EINVAL in a couple places before propagated further. >> xhci_check_args() returns 4 types of value, -ENODEV, -EINVAL, 1 and 0. >> xhci_urb_enqueue and xhci_check_streams_endpoint return -EINVAL if >> the return value of xhci_check_args <= 0. >> This causes problems for example r8152_submit_rx, calling usb_submit_urb >> in drivers/net/usb/r8152.c. >> r8152_submit_rx will never get -ENODEV after submiting an urb when xHC >> is halted because xhci_urb_enqueue returns -EINVAL in the very beginning." >> >> Let me know if you disagree with this. >> >> Thanks >> -Mathias > > Sounds good to me. > > Do I have to send another patch with commit message and header changed? > > Thanks > > Hongyu Xie > No need, I'll submit it. -Mathias
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index dc357cabb265..948546b98af0 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1604,9 +1604,12 @@ static int xhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag struct urb_priv *urb_priv; int num_tds; - if (!urb || xhci_check_args(hcd, urb->dev, urb->ep, - true, true, __func__) <= 0) + if (!urb) return -EINVAL; + ret = xhci_check_args(hcd, urb->dev, urb->ep, + true, true, __func__); + if (ret <= 0) + return ret ? ret : -EINVAL; slot_id = urb->dev->slot_id; ep_index = xhci_get_endpoint_index(&urb->ep->desc); @@ -3323,7 +3326,7 @@ static int xhci_check_streams_endpoint(struct xhci_hcd *xhci, return -EINVAL; ret = xhci_check_args(xhci_to_hcd(xhci), udev, ep, 1, true, __func__); if (ret <= 0) - return -EINVAL; + return ret ? ret : -EINVAL; if (usb_ss_max_streams(&ep->ss_ep_comp) == 0) { xhci_warn(xhci, "WARN: SuperSpeed Endpoint Companion" " descriptor for ep 0x%x does not support streams\n",