linux/drivers/usb
AMAN DEEP e70c51ae7f usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function
commit 3496810663 upstream.

virt_dev->num_cached_rings counts on freed ring and is not updated
correctly. In xhci_free_or_cache_endpoint_ring() function, the free ring
is added into cache and then num_rings_cache is incremented as below:
		virt_dev->ring_cache[rings_cached] =
			virt_dev->eps[ep_index].ring;
		virt_dev->num_rings_cached++;
Here, the free ring pointer is added at the current index and then
the index is incremented.
So the current index always points to an empty location in the ring cache.
To get an available free ring, the current index should be decremented
first and then the corresponding ring buffer value should be taken from
the ring cache.

But in function xhci_endpoint_init(), the num_rings_cached index is
accessed before the decrement.
		virt_dev->eps[ep_index].new_ring =
			virt_dev->ring_cache[virt_dev->num_rings_cached];
		virt_dev->ring_cache[virt_dev->num_rings_cached] = NULL;
		virt_dev->num_rings_cached--;
This is a bug in manipulating the index of the ring cache.
And it should be as below:
		virt_dev->num_rings_cached--;
		virt_dev->eps[ep_index].new_ring =
			virt_dev->ring_cache[virt_dev->num_rings_cached];
		virt_dev->ring_cache[virt_dev->num_rings_cached] = NULL;

Signed-off-by: Aman Deep <aman.deep@samsung.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-08-03 09:29:45 -07:00
atm USB: cxacru: potential underflow in cxacru_cm_get_array() 2013-05-20 11:35:47 -07:00
c67x00 usb: c67x00 RetryCnt value in c67x00 TD should be 3 2013-03-07 12:31:37 +08:00
chipidea usb: chipidea: need to mask when writting endptflush and endptprime 2014-03-06 21:30:10 -08:00
class cdc-wdm: fix endianness bug in debug statements 2015-05-06 21:56:21 +02:00
core USB: devio: fix a condition in async_completed() 2015-08-03 09:29:44 -07:00
dwc3 usb: dwc3: Reset the transfer resource index on SET_INTERFACE 2015-08-03 09:29:44 -07:00
early
gadget usb: gadget: configfs: Fix interfaces array NULL-termination 2015-06-05 23:19:57 -07:00
host usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function 2015-08-03 09:29:45 -07:00
image USB: regroup all depends on USB within an if USB block 2013-04-09 16:49:07 -07:00
misc USB: sisusb: add device id for Magic Control USB video 2014-10-05 14:54:09 -07:00
mon USB: regroup all depends on USB within an if USB block 2013-04-09 16:49:07 -07:00
musb usb: musb: avoid NULL pointer dereference 2014-05-06 07:55:33 -07:00
phy usb: phy: Find the right match in devm_usb_phy_match 2015-05-06 21:56:22 +02:00
renesas_usbhs USB: regroup all depends on USB within an if USB block 2013-04-09 16:49:07 -07:00
serial USB: option: add 2020:4000 ID 2015-08-03 09:29:44 -07:00
storage usb-storage: Add NO_WP_DETECT quirk for Lacie 059f:0651 devices 2015-06-05 23:19:57 -07:00
wusbcore wusbcore: fix kernel panic when disconnecting a wireless USB->serial device 2013-08-20 08:43:05 -07:00
Kconfig USB: regroup all depends on USB within an if USB block 2013-04-09 16:49:07 -07:00
Makefile usb: phy: remove CONFIG_USB_OTG_UTILS 2013-03-18 11:18:08 +02:00
README
usb-common.c usb: otg: move usb_otg_state_string to usb-common.c 2013-03-18 11:18:03 +02:00
usb-skeleton.c USB: usb-skeleton.c: fix blocked forever in skel_read 2013-03-25 13:32:20 -07:00

To understand the whole Linux-USB framework, you'll use these resources:

    * This source code.  This is necessarily an evolving work, and
      includes kerneldoc that should help you get a current overview.
      ("make pdfdocs", and then look at "usb.pdf" for host side and
      "gadget.pdf" for peripheral side.)  Also, Documentation/usb has
      more information.

    * The USB 2.0 specification (from www.usb.org), with supplements
      such as those for USB OTG and the various device classes.
      The USB specification has a good overview chapter, and USB
      peripherals conform to the widely known "Chapter 9".

    * Chip specifications for USB controllers.  Examples include
      host controllers (on PCs, servers, and more); peripheral
      controllers (in devices with Linux firmware, like printers or
      cell phones); and hard-wired peripherals like Ethernet adapters.

    * Specifications for other protocols implemented by USB peripheral
      functions.  Some are vendor-specific; others are vendor-neutral
      but just standardized outside of the www.usb.org team.

Here is a list of the subdirectories found here and what each one
contains.

core/		- This is for the core USB host code, including the
		  usbfs files and the hub class driver ("khubd").

host/		- This is for USB host controller drivers.  This
		  includes UHCI, OHCI, EHCI, and others that might
		  be used with more specialized "embedded" systems.

gadget/		- This is for USB peripheral controller drivers and
		  the various gadget drivers which talk to them.


Individual USB driver directories.  A new driver should be added to the
first subdirectory in the list below that it fits into.

image/		- This is for still image drivers, like scanners or
		  digital cameras.
../input/	- This is for any driver that uses the input subsystem,
		  like keyboards, mice, touchscreens, tablets, etc.
../media/	- This is for multimedia drivers, like video cameras,
		  radios, and any other drivers that talk to the v4l
		  subsystem.
../net/		- This is for network drivers.
serial/		- This is for USB to serial drivers.
storage/	- This is for USB mass-storage drivers.
class/		- This is for all USB device drivers that do not fit
		  into any of the above categories, and work for a range
		  of USB Class specified devices. 
misc/		- This is for all USB device drivers that do not fit
		  into any of the above categories.