From patchwork Tue Aug 2 09:19:41 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 654609 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [103.22.144.68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3s3Vz16HgTz9t1t for ; Tue, 2 Aug 2016 19:19:57 +1000 (AEST) Received: from ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 3s3Vz13gkpzDqQw for ; Tue, 2 Aug 2016 19:19:57 +1000 (AEST) X-Original-To: slof@lists.ozlabs.org Delivered-To: slof@lists.ozlabs.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3s3Vyv4929zDqQ1 for ; Tue, 2 Aug 2016 19:19:51 +1000 (AEST) Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E34FC636E7; Tue, 2 Aug 2016 09:19:49 +0000 (UTC) Received: from thh440s.redhat.com (ovpn-116-30.ams2.redhat.com [10.36.116.30]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u729JiBI022382; Tue, 2 Aug 2016 05:19:48 -0400 From: Thomas Huth To: slof@lists.ozlabs.org Date: Tue, 2 Aug 2016 11:19:41 +0200 Message-Id: <1470129584-27225-3-git-send-email-thuth@redhat.com> In-Reply-To: <1470129584-27225-1-git-send-email-thuth@redhat.com> References: <1470129584-27225-1-git-send-email-thuth@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 02 Aug 2016 09:19:49 +0000 (UTC) Subject: [SLOF] [PATCH v2 2/5] usb: Increase amount of maximum slot IDs and add a sanity check X-BeenThere: slof@lists.ozlabs.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Patches for https://github.com/aik/SLOF" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" SLOF should be able to support more than just four devices on the four root hub ports. So we've got to increase the amount of possible slot IDs. Since QEMU supports up to 44 devices (four devices at the root ports + 5 tiers of hubs with 8 ports each), this seems to be a good new value instead. And to make sure that we do not accidentially get a buffer overflow when accessing the xhcd->xdevs[slot_id] array, this patch also add a sanity check at the beginning of the xhci_alloc_dev() function here. Signed-off-by: Thomas Huth Reviewed-by: Nikunj A Dadhania --- lib/libusb/usb-xhci.c | 6 ++++++ lib/libusb/usb-xhci.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/libusb/usb-xhci.c b/lib/libusb/usb-xhci.c index b59fd40..eda5929 100644 --- a/lib/libusb/usb-xhci.c +++ b/lib/libusb/usb-xhci.c @@ -539,6 +539,12 @@ static bool xhci_alloc_dev(struct xhci_hcd *xhcd, uint32_t slot_id, uint32_t por uint16_t max_packet; uint32_t newport; + if (slot_id > XHCI_CONFIG_MAX_SLOT) { + dprintf("USB3 slot ID %d is too high (max is %d)\n", slot_id, + XHCI_CONFIG_MAX_SLOT); + return false; + } + ctx_size = CTX_SIZE(xhcd->hcc_csz_64); xdev = &xhcd->xdevs[slot_id]; xdev->slot_id = slot_id; diff --git a/lib/libusb/usb-xhci.h b/lib/libusb/usb-xhci.h index b02fcbf..793f18c 100644 --- a/lib/libusb/usb-xhci.h +++ b/lib/libusb/usb-xhci.h @@ -126,7 +126,7 @@ struct xhci_op_regs { #define XHCI_DCBAAP_MAX_SIZE 2048 uint32_t config; /* Configure */ -#define XHCI_CONFIG_MAX_SLOT 4 +#define XHCI_CONFIG_MAX_SLOT 44 uint8_t reserved2[964]; /* 3C - 3FF */ /* USB Port register set */