linux/drivers/usb
Suwan Kim 2a9125317b usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit()
Smatch reported that nents is not initialized and used in
stub_recv_cmd_submit(). nents is currently initialized by sgl_alloc()
and used to allocate multiple URBs when host controller doesn't
support scatter-gather DMA. The use of uninitialized nents means that
buf_len is zero and use_sg is true. But buffer length should not be
zero when an URB uses scatter-gather DMA.

To prevent this situation, add the conditional that checks buf_len
and use_sg. And move the use of nents right after the sgl_alloc() to
avoid the use of uninitialized nents.

If the error occurs, it adds SDEV_EVENT_ERROR_MALLOC and stub_priv
will be released by stub event handler and connection will be shut
down.

Fixes: ea44d19076 ("usbip: Implement SG support to vhci-hcd and stub driver")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Suwan Kim <suwan.kim027@gmail.com>
Acked-by: Shuah Khan <skhan@linuxfoundation.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191111141035.27788-1-suwan.kim027@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-11-13 18:53:11 +08:00
..
atm USB: atm: cxacru: convert to use dev_groups 2019-08-09 07:55:45 +02:00
c67x00
cdns3 usb: cdns3: gadget: Fix g_audio use case when connected to Super-Speed host 2019-10-30 14:39:07 +01:00
chipidea usb: Spelling s/disconnet/disconnect/ 2019-11-04 15:53:01 +01:00
class USB: usblp: fix use-after-free on disconnect 2019-10-15 20:19:19 +02:00
common usb: common: add USB GPIO based connection detection driver 2019-09-03 19:01:04 +02:00
core usb: Allow USB device to be warm reset in suspended state 2019-11-07 11:14:51 +01:00
dwc2 usb: Spelling s/enpoint/endpoint/ 2019-11-04 15:53:00 +01:00
dwc3 Merge 5.4-rc6 into usb-next 2019-11-04 06:41:09 +01:00
early drivers: Remove explicit invocations of mmiowb() 2019-04-08 12:01:02 +01:00
gadget usb: gadget: pch_udc: fix use after free 2019-11-07 11:14:51 +01:00
host usb: host: fotg210: add missed clk_put calls 2019-11-04 15:53:02 +01:00
image Merge 5.4-rc3 into usb-next 2019-10-14 07:09:59 +02:00
isp1760 usb: isp1760: isp1760-hcd.c: Drop condition with no effect 2019-10-07 13:01:47 +02:00
misc USB: chaoskey: fix error case of a timeout 2019-11-11 14:29:39 +01:00
mon docs: usb: rename files to .rst and add them to drivers-api 2019-06-20 14:28:36 +02:00
mtu3 Merge 5.4-rc6 into usb-next 2019-11-04 06:41:09 +01:00
musb usb: Spelling s/enpoint/endpoint/ 2019-11-04 15:53:00 +01:00
phy usb: phy: keystone: use devm_platform_ioremap_resource() to simplify code 2019-10-04 14:09:41 +02:00
renesas_usbhs Merge 5.4-rc6 into usb-next 2019-11-04 06:41:09 +01:00
roles usb: roles: Add usb_role_switch_find_by_fwnode() 2019-11-04 15:05:25 +01:00
serial Merge 5.4-rc6 into usb-next 2019-11-04 06:41:09 +01:00
storage Merge 5.4-rc6 into usb-next 2019-11-04 06:41:09 +01:00
typec usb: typec: ucsi: Optimise ucsi_unregister() 2019-11-04 21:53:15 +01:00
usbip usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() 2019-11-13 18:53:11 +08:00
Kconfig usb: common: create Kconfig file 2019-09-03 19:00:39 +02:00
Makefile USB: Changes for v5.4 merge window 2019-09-02 19:20:57 +02:00
usb-skeleton.c USB: usb-skeleton: drop redundant in-urb check 2019-10-10 12:41:19 +02:00