diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-12-14 21:46:21 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-12-15 20:40:48 +0300 |
| commit | f08adf5add9a071160c68bb2a61d697f39ab0758 (patch) | |
| tree | de0fe3e62ddf30bcc6b037fb459a22a307cc3cd4 /drivers/usb/gadget/legacy/inode.c | |
| parent | 99ea221f2e2f2743314e348b25c1e2574b467528 (diff) | |
| download | linux-f08adf5add9a071160c68bb2a61d697f39ab0758.tar.xz | |
USB: gadget: bRequestType is a bitfield, not a enum
Szymon rightly pointed out that the previous check for the endpoint
direction in bRequestType was not looking at only the bit involved, but
rather the whole value. Normally this is ok, but for some request
types, bits other than bit 8 could be set and the check for the endpoint
length could not stall correctly.
Fix that up by only checking the single bit.
Fixes: 153a2d7e3350 ("USB: gadget: detect too-big endpoint 0 requests")
Cc: Felipe Balbi <balbi@kernel.org>
Reported-by: Szymon Heidrich <szymon.heidrich@gmail.com>
Link: https://lore.kernel.org/r/20211214184621.385828-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/usb/gadget/legacy/inode.c')
| -rw-r--r-- | drivers/usb/gadget/legacy/inode.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c index 63150e3889ef..3b58f4fc0a80 100644 --- a/drivers/usb/gadget/legacy/inode.c +++ b/drivers/usb/gadget/legacy/inode.c @@ -1334,14 +1334,14 @@ gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) u16 w_length = le16_to_cpu(ctrl->wLength); if (w_length > RBUF_SIZE) { - if (ctrl->bRequestType == USB_DIR_OUT) { - return value; - } else { + if (ctrl->bRequestType & USB_DIR_IN) { /* Cast away the const, we are going to overwrite on purpose. */ __le16 *temp = (__le16 *)&ctrl->wLength; *temp = cpu_to_le16(RBUF_SIZE); w_length = RBUF_SIZE; + } else { + return value; } } |