> But, you're absolutely right about an error message being preferable to > a dead system. The patch is simple enough and I've attached it to the > bottom of this message.
Well, since 0 is not an illegal value as specified in the USB spec, I think we should do this check in the usb_submit_urb() call, not force it to be duplicated in all host drivers. So how about the patch below? int usb_submit_urb(struct urb *urb, int mem_flags) { - if (urb && urb->dev && urb->dev->bus && urb->dev->bus->op) + + if (urb && urb->dev && urb->dev->bus && urb->dev->bus->op) { + if (usb_maxpacket(urb->dev, urb->pipe, usb_pipeout(urb->pipe)) <= 0) { + err("%s: pipe %x has invalid size (<= 0)", __FUNCTION__, urb->pipe); + return -EMSGSIZE; + } return urb->dev->bus->op->submit_urb(urb, mem_flags); - else - return -ENODEV; + } + return -ENODEV; } Hmm. So arbitrary. Why only this single test? uhci_submit_urb() starts with several sanity checks. And why precisely is it necessary? Why does the kernel die? Does it hang in a spinlock with disabled interrupts? Inspection of the code without this stopgap might reveal other bugs. Andries _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel