| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Oct 2018 14:43:55 +0100
From: John Keeping <john@...anate.com>
To: Minas Harutyunyan <hminas@...opsys.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
John Keeping <john@...anate.com>
Subject: [PATCH] usb: dwc2: gadget: fix ISOC frame overflow handling
By clearing the overrun flag as soon as the target frame is next
incremented, we can end up incrementing the target frame more than
expected in dwc2_gadget_handle_ep_disabled() when the endpoint's
interval is greater than 1. This happens if the target frame has just
wrapped at the point when the endpoint is disabled and the frame number
has not yet done so.
Instead, wait until the frame number also wraps and then clear the
overrun flag.
Signed-off-by: John Keeping <john@...anate.com>
---
drivers/usb/dwc2/gadget.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c
index 2d6d2c8244de..8da2c052dfa1 100644
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -117,7 +117,7 @@ static inline void dwc2_gadget_incr_frame_num(struct dwc2_hsotg_ep *hs_ep)
if (hs_ep->target_frame > DSTS_SOFFN_LIMIT) {
hs_ep->frame_overrun = true;
hs_ep->target_frame &= DSTS_SOFFN_LIMIT;
- } else {
+ } else if (hs_ep->parent->frame_number < hs_ep->target_frame) {
hs_ep->frame_overrun = false;
}
}
--
2.19.1
Powered by blists - more mailing lists