git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'stable-3.2' into pandora-3.2
[pandora-kernel.git] / drivers / usb / core / config.c
diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
index 989256e..4c09812 100644 (file)
--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -521,6 +521,9 @@ static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
        unsigned iad_num = 0;
 
        memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
+       nintf = nintf_orig = config->desc.bNumInterfaces;
+       config->desc.bNumInterfaces = 0;        // Adjusted later
+
        if (config->desc.bDescriptorType != USB_DT_CONFIG ||
            config->desc.bLength < USB_DT_CONFIG_SIZE ||
            config->desc.bLength > size) {
@@ -534,7 +537,6 @@ static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
        buffer += config->desc.bLength;
        size -= config->desc.bLength;
 
-       nintf = nintf_orig = config->desc.bNumInterfaces;
        if (nintf > USB_MAXINTERFACES) {
                dev_warn(ddev, "config %d has too many interfaces: %d, "
                    "using maximum allowed: %d\n",
@@ -609,15 +611,23 @@ static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
 
                } else if (header->bDescriptorType ==
                                USB_DT_INTERFACE_ASSOCIATION) {
+                       struct usb_interface_assoc_descriptor *d;
+
+                       d = (struct usb_interface_assoc_descriptor *)header;
+                       if (d->bLength < USB_DT_INTERFACE_ASSOCIATION_SIZE) {
+                               dev_warn(ddev,
+                                        "config %d has an invalid interface association descriptor of length %d, skipping\n",
+                                        cfgno, d->bLength);
+                               continue;
+                       }
+
                        if (iad_num == USB_MAXIADS) {
                                dev_warn(ddev, "found more Interface "
                                               "Association Descriptors "
                                               "than allocated for in "
                                               "configuration %d\n", cfgno);
                        } else {
-                               config->intf_assoc[iad_num] =
-                                       (struct usb_interface_assoc_descriptor
-                                       *)header;
+                               config->intf_assoc[iad_num] = d;
                                iad_num++;
                        }
 
@@ -822,7 +832,7 @@ int usb_get_configuration(struct usb_device *dev)
                }
 
                if (dev->quirks & USB_QUIRK_DELAY_INIT)
-                       msleep(100);
+                       msleep(200);
 
                result = usb_get_descriptor(dev, USB_DT_CONFIG, cfgno,
                    bigbuffer, length);
@@ -868,6 +878,13 @@ void usb_release_bos_descriptor(struct usb_device *dev)
        }
 }
 
+static const __u8 bos_desc_len[256] = {
+       [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE,
+       [USB_CAP_TYPE_EXT]          = USB_DT_USB_EXT_CAP_SIZE,
+       [USB_SS_CAP_TYPE]           = USB_DT_USB_SS_CAP_SIZE,
+       [CONTAINER_ID_TYPE]         = USB_DT_USB_SS_CONTN_ID_SIZE,
+};
+
 /* Get BOS descriptor set */
 int usb_get_bos_descriptor(struct usb_device *dev)
 {
@@ -876,6 +893,7 @@ int usb_get_bos_descriptor(struct usb_device *dev)
        struct usb_dev_cap_header *cap;
        unsigned char *buffer;
        int length, total_len, num, i;
+       __u8 cap_type;
        int ret;
 
        bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL);
@@ -923,10 +941,18 @@ int usb_get_bos_descriptor(struct usb_device *dev)
        for (i = 0; i < num; i++) {
                buffer += length;
                cap = (struct usb_dev_cap_header *)buffer;
-               length = cap->bLength;
 
-               if (total_len < length)
+               if (total_len < sizeof(*cap) || total_len < cap->bLength) {
+                       dev->bos->desc->bNumDeviceCaps = i;
                        break;
+               }
+               cap_type = cap->bDevCapabilityType;
+               length = cap->bLength;
+               if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) {
+                       dev->bos->desc->bNumDeviceCaps = i;
+                       break;
+               }
+
                total_len -= length;
 
                if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) {
@@ -934,7 +960,7 @@ int usb_get_bos_descriptor(struct usb_device *dev)
                        continue;
                }
 
-               switch (cap->bDevCapabilityType) {
+               switch (cap_type) {
                case USB_CAP_TYPE_WIRELESS_USB:
                        /* Wireless USB cap descriptor is handled by wusb */
                        break;
Pandora Kernel Repository