• Sarah Sharp's avatar
    USB: xhci: Fix command completion after a drop endpoint. · 06df5729
    Sarah Sharp authored
    The xHCI driver issues a Configure Endpoint command for two reasons:
     - a new configuration or alternate interface setting is selected
     - a quirky Fresco Logic prototype requires the command after a Reset
       Endpoint command.
    The xHCI driver only waits on the command in the first case.
    
    When a configure endpoint command completes, the driver needs to know why
    the command was generated.  When the driver only supported selecting an
    initial configuration, the check was simple.  Unfortunately that check
    doesn't work now that the driver supports alternate interfaces.  If an
    endpoint must be dropped (because it's not in the new alternate setting)
    and no new endpoints are added, the math involving
    xhci_last_valid_endpoint() will assign -1 to an unsigned integer and cause
    an out-of-bounds array access.
    
    Move the check for the quirky hardware sooner and avoid the bad array
    access.
    Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    06df5729
xhci-ring.c 72.3 KB