> But, you're absolutely right about an error message being preferable to
> a dead system. The patch is simple enough and I've attached it to the
> bottom of this message.
Well, since 0 is not an illegal value as specified in the USB spec, I
think we should do this check in the usb_submit_urb() call, not force it
to be duplicated in all host drivers. So how about the patch below?
int usb_submit_urb(struct urb *urb, int mem_flags)
{
- if (urb && urb->dev && urb->dev->bus && urb->dev->bus->op)
+
+ if (urb && urb->dev && urb->dev->bus && urb->dev->bus->op) {
+ if (usb_maxpacket(urb->dev, urb->pipe, usb_pipeout(urb->pipe)) <= 0) {
+ err("%s: pipe %x has invalid size (<= 0)", __FUNCTION__, urb->pipe);
+ return -EMSGSIZE;
+ }
return urb->dev->bus->op->submit_urb(urb, mem_flags);
- else
- return -ENODEV;
+ }
+ return -ENODEV;
}
Hmm. So arbitrary. Why only this single test?
uhci_submit_urb() starts with several sanity checks.
And why precisely is it necessary?
Why does the kernel die? Does it hang in a spinlock with
disabled interrupts? Inspection of the code without this
stopgap might reveal other bugs.
Andries
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED]
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
