| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Aug 2021 16:36:27 +0800
From: Chunfeng Yun <chunfeng.yun@...iatek.com>
To: Rob Herring <robh+dt@...nel.org>,
Mathias Nyman <mathias.nyman@...el.com>
CC: Chunfeng Yun <chunfeng.yun@...iatek.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Matthias Brugger <matthias.bgg@...il.com>,
<linux-usb@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-mediatek@...ts.infradead.org>, <devicetree@...r.kernel.org>,
<linux-kernel@...r.kernel.org>,
Eddie Hung <eddie.hung@...iatek.com>
Subject: [PATCH RESEND 7/9] usb: xhci-mtk: check boundary before check tt
check_sch_tt() will access fs_bus_bw[] array, check boundary
firstly to avoid out-of-bounds issue.
Signed-off-by: Chunfeng Yun <chunfeng.yun@...iatek.com>
---
drivers/usb/host/xhci-mtk-sch.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/host/xhci-mtk-sch.c b/drivers/usb/host/xhci-mtk-sch.c
index 10c0f0f6461f..c2f13d69c607 100644
--- a/drivers/usb/host/xhci-mtk-sch.c
+++ b/drivers/usb/host/xhci-mtk-sch.c
@@ -600,13 +600,14 @@ static int check_sch_bw(struct mu3h_sch_bw_info *sch_bw,
* and find a microframe where its worst bandwidth is minimum.
*/
for (offset = 0; offset < sch_ep->esit; offset++) {
- ret = check_sch_tt(sch_ep, offset);
- if (ret)
- continue;
if ((offset + sch_ep->num_budget_microframes) > esit_boundary)
break;
+ ret = check_sch_tt(sch_ep, offset);
+ if (ret)
+ continue;
+
worst_bw = get_max_bw(sch_bw, sch_ep, offset);
if (worst_bw > bw_boundary)
continue;
--
2.18.0
Powered by blists - more mailing lists