| From: Johan Hovold <johan@kernel.org> |
| Date: Tue, 3 Jan 2017 16:39:47 +0100 |
| Subject: USB: serial: iuu_phoenix: fix NULL-deref at open |
| |
| commit 90507d54f712d81b74815ef3a4bbb555cd9fab2f upstream. |
| |
| Fix NULL-pointer dereference at open should the device lack a bulk-in or |
| bulk-out endpoint: |
| |
| Unable to handle kernel NULL pointer dereference at virtual address 00000030 |
| ... |
| PC is at iuu_open+0x78/0x59c [iuu_phoenix] |
| |
| Fixes: 07c3b1a10016 ("USB: remove broken usb-serial num_endpoints |
| check") |
| Signed-off-by: Johan Hovold <johan@kernel.org> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| drivers/usb/serial/iuu_phoenix.c | 11 +++++++++++ |
| 1 file changed, 11 insertions(+) |
| |
| --- a/drivers/usb/serial/iuu_phoenix.c |
| +++ b/drivers/usb/serial/iuu_phoenix.c |
| @@ -68,6 +68,16 @@ struct iuu_private { |
| u32 clk; |
| }; |
| |
| +static int iuu_attach(struct usb_serial *serial) |
| +{ |
| + unsigned char num_ports = serial->num_ports; |
| + |
| + if (serial->num_bulk_in < num_ports || serial->num_bulk_out < num_ports) |
| + return -ENODEV; |
| + |
| + return 0; |
| +} |
| + |
| static int iuu_port_probe(struct usb_serial_port *port) |
| { |
| struct iuu_private *priv; |
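Review bot: iuu_attach() returns -ENODEV without logging anything, so a device whose descriptors lack a bulk-in or bulk-out endpoint is refused with no trace for anyone triaging a malformed or untrusted USB device. Consider bracing the `if` and adding `dev_err(&serial->interface->dev, "missing bulk endpoints\n");` before the `return -ENODEV;`. The reason for the check is only in the commit message, so a short comment above the function would help, e.g. `/* iuu_open() needs a bulk-in and a bulk-out endpoint per port; refuse devices that lack them. */`. The trailing context lines are the start of iuu_port_probe(), whose body continues outside the hunk.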
| @@ -1196,6 +1206,7 @@ static struct usb_serial_driver iuu_devi |
| .tiocmset = iuu_tiocmset, |
| .set_termios = iuu_set_termios, |
| .init_termios = iuu_init_termios, |
| + .attach = iuu_attach, |
| .port_probe = iuu_port_probe, |
| .port_remove = iuu_port_remove, |
| }; |