lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yp95+QKSqeH5AG0a@hovoldconsulting.com>
Date:   Tue, 7 Jun 2022 18:16:57 +0200
From:   Johan Hovold <johan@...nel.org>
To:     Ian Abbott <abbotti@....co.uk>
Cc:     linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        H Hartley Sweeten <hsweeten@...ionengravers.com>,
        stable@...r.kernel.org
Subject: Re: [PATCH] comedi: vmk80xx: fix expression for tx buffer size

On Mon, Jun 06, 2022 at 11:52:37AM +0100, Ian Abbott wrote:
> The expression for setting the size of the allocated bulk TX buffer
> (`devpriv->usb_tx_buf`) is calling `usb_endpoint_maxp(devpriv->ep_rx)`,
> which is using the wrong endpoint (should be `devpriv->ep_tx`).  Fix it.

Bah. Good catch.

> Fixes: a23461c47482 ("comedi: vmk80xx: fix transfer-buffer overflow")
> Cc: Johan Hovold <johan@...nel.org>
> Cc: stable@...r.kernel.org # 5.10, 5.15+

I believe this one is needed in all stable trees (e.g. 4.9+).

> Signed-off-by: Ian Abbott <abbotti@....co.uk>
> ---
>  drivers/comedi/drivers/vmk80xx.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/comedi/drivers/vmk80xx.c b/drivers/comedi/drivers/vmk80xx.c
> index 46023adc5395..4536ed43f65b 100644
> --- a/drivers/comedi/drivers/vmk80xx.c
> +++ b/drivers/comedi/drivers/vmk80xx.c
> @@ -684,7 +684,7 @@ static int vmk80xx_alloc_usb_buffers(struct comedi_device *dev)
>  	if (!devpriv->usb_rx_buf)
>  		return -ENOMEM;
>  
> -	size = max(usb_endpoint_maxp(devpriv->ep_rx), MIN_BUF_SIZE);
> +	size = max(usb_endpoint_maxp(devpriv->ep_tx), MIN_BUF_SIZE);
>  	devpriv->usb_tx_buf = kzalloc(size, GFP_KERNEL);
>  	if (!devpriv->usb_tx_buf)
>  		return -ENOMEM;

Looks good otherwise:

Reviewed-by: Johan Hovold <johan@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ