| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Harden CMD_SUBMIT path to handle malicious input that could trigger
large memory allocations. Add checks to validate transfer_buffer_length
and number_of_packets to protect against bad input requesting for
unbounded memory allocations.
Signed-off-by: Shuah Khan <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Now that the SPDX tag is in all USB files, that identifies the license
in a specific and legally-defined manner. So the extra GPL text wording
can be removed as it is no longer needed at all.
This is done on a quest to remove the 700+ different ways that files in
the kernel describe the GPL license text. And there's unneeded stuff
like the address (sometimes incorrect) for the FSF which is never
needed.
No copyright headers or other non-license-description text was removed.
Cc: Valentina Manea <[email protected]>
Acked-by: Shuah Khan <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
It's good to have SPDX identifiers in all files to make it easier to
audit the kernel tree for correct licenses.
Update the drivers/usb/ and include/linux/usb* files with the correct
SPDX license identifier based on the license text in the file itself.
The SPDX identifier is a legally binding shorthand, which can be used
instead of the full boiler plate text.
This work is based on a script and data from Thomas Gleixner, Philippe
Ombredanne, and Kate Stewart.
Cc: Thomas Gleixner <[email protected]>
Cc: Kate Stewart <[email protected]>
Cc: Philippe Ombredanne <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Acked-by: Felipe Balbi <[email protected]>
Acked-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
In v_recv_cmd_submit(), urb_p->urb->pipe has the type unsigned int
(which is 32-bit long on x86_64) but 11<<30 results in a 34-bit integer.
Therefore the 2 leading bits are truncated and
urb_p->urb->pipe &= ~(11 << 30);
has the same meaning as
urb_p->urb->pipe &= ~(3 << 30);
This second statement seems to be how the code was intended to be
written, as PIPE_ constants have values between 0 and 3.
The overflow has been detected with a clang warning:
drivers/usb/usbip/vudc_rx.c:145:27: warning: signed shift result
(0x2C0000000) requires 35 bits to represent, but 'int' only has 32
bits [-Wshift-overflow]
urb_p->urb->pipe &= ~(11 << 30);
~~ ^ ~~
Fixes: 79c02cb1fd5c ("usbip: vudc: Add vudc_rx")
Signed-off-by: Nicolas Iooss <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
As find_endpoint() is a global funcion rename it to vudc_find_endpoint()
to clearly mark where does it come from.
Signed-off-by: Krzysztof Opasiak <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Add functions which allows to receive urbs from the client.
It receives traffic in a loop in a separate thread.
This commit is a result of cooperation between Samsung R&D Institute
Poland and Open Operating Systems Student Society at University
of Warsaw (O2S3@UW) consisting of:
Igor Kotrasinski <[email protected]>
Karol Kosik <[email protected]>
Ewelina Kosmider <[email protected]>
Dawid Lazarczyk <[email protected]>
Piotr Szulc <[email protected]>
Tutor and project owner:
Krzysztof Opasiak <[email protected]>
Signed-off-by: Igor Kotrasinski <[email protected]>
Signed-off-by: Karol Kosik <[email protected]>
Signed-off-by: Krzysztof Opasiak <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|