tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
USB: Do not pass negative length to snoop_urb()
When `echo Y > /sys/module/usbcore/parameters/usbfs_snoop` and
usb_control_msg() returns error, a lot of kernel memory is dumped to dmesg
until unhandled kernel paging request occurs.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
authored by
Michal Sojka
and committed by
Greg Kroah-Hartman
9d02b426
4bbba111
+1
-1
+1
-1
drivers/usb/core/devio.c
+1
-1
drivers/usb/core/devio.c
···
802
802
tbuf, ctrl.wLength, tmo);
803
803
usb_lock_device(dev);
804
804
snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE,
805
-
tbuf, i);
805
+
tbuf, max(i, 0));
806
806
if ((i > 0) && ctrl.wLength) {
807
807
if (copy_to_user(ctrl.data, tbuf, i)) {
808
808
free_page((unsigned long)tbuf);