Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3918208yba; Wed, 17 Apr 2019 00:11:29 -0700 (PDT) X-Google-Smtp-Source: APXvYqxI6WryNCPYSn5467vCzFTsGGMSuXLBT6Fu2MAMkoSD0mhpNjw66pDsA/NaCNl4F6RXpL+T X-Received: by 2002:a63:4b21:: with SMTP id y33mr82278614pga.37.1555485089732; Wed, 17 Apr 2019 00:11:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555485089; cv=none; d=google.com; s=arc-20160816; b=StAt6sguov0zUJbtGpTcc9lnHglYfGIOTXXrzlfxL7i+4dWt3TjlsGedYizhVXNNaA Z1fpLRPzO5M+U2fTsVsmnHGdo9ORUUMrY7vffpyJAvTAeAasAsojjw4E48FwfQ52Xv1R gSPxi3DczzgURBqoE1ok/VMRS2PehRZocKIMD0dXrHiEOa6RGEJFCZBGznyZcDN5Ln8H BoH6tEgpGBcUu+R/5v0OlNu/Ec87rrEScbyj8WxO5jEVSo3vlfVB14uTnlk2kGxIOFJQ SFSLozE4kMZT1y0tfX48O1XDIdoXmZpYnLdBlDhfTw20VP5wgcJeioGy9wxN+LWMzrp1 kU8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-language:accept-language:message-id:date:thread-index :thread-topic:subject:cc:to:from; bh=j5mM2Umydv/LPzQ2hifsl/W26fvTBrzz51L9ADlQ7CM=; b=S+jgBTabzk8lh0WeXu+8uQ03dErsEKgW/rI5CJYoMgx533YGTfdzM0aUgS2+4Gqb8w BdjQqhxCBzAJ/8U4v+s43AKNtgUXxFfmR0wZqrC3qDVjSBDcge59iKDEMH1vSl9LUVEA mhEmK1WsWycrr/PwRNzkJGKUmXGF4OEBBKMYOP708chxhgAKS+5khH1xvDrCKy4N8+lN O8sDNQ7AtlKGxKimV5ZT3onkdRw4ZQEGbtqFrS9K+aFUr8BbIRNyLDQjYCdBKGJHdsQP /yjItuA6qfIPnf0v8lf193zl7OVu9M5tue9uAE+8Eq6opnzZ7+NWopwWlozVEWL+bBXH nMcQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g20si50390612pfi.266.2019.04.17.00.11.15; Wed, 17 Apr 2019 00:11:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730950AbfDQHKF convert rfc822-to-8bit (ORCPT + 99 others); Wed, 17 Apr 2019 03:10:05 -0400 Received: from szxga08-in.huawei.com ([45.249.212.255]:35782 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728261AbfDQHKF (ORCPT ); Wed, 17 Apr 2019 03:10:05 -0400 Received: from DGGEMM406-HUB.china.huawei.com (unknown [172.30.72.57]) by Forcepoint Email with ESMTP id 996C8CC5A94DDB03CB93; Wed, 17 Apr 2019 15:10:00 +0800 (CST) Received: from dggeme761-chm.china.huawei.com (10.3.19.107) by DGGEMM406-HUB.china.huawei.com (10.3.20.214) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 17 Apr 2019 15:09:41 +0800 Received: from dggeme762-chm.china.huawei.com (10.3.19.108) by dggeme761-chm.china.huawei.com (10.3.19.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Wed, 17 Apr 2019 15:09:41 +0800 Received: from dggeme762-chm.china.huawei.com ([10.8.68.53]) by dggeme762-chm.china.huawei.com ([10.8.68.53]) with mapi id 15.01.1591.008; Wed, 17 Apr 2019 15:09:41 +0800 From: "zhuyan (M)" To: Alan Stern CC: Greg KH , "anton@enomsg.org" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "zhuyan (M)" Subject: Re: [PATCH] usb:host: fix divide-by-zero in function fhci_queue_urb Thread-Topic: [PATCH] usb:host: fix divide-by-zero in function fhci_queue_urb Thread-Index: AdT05r4f+lcz9XnHRgGSjwdOkKXG4g== Date: Wed, 17 Apr 2019 07:09:41 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.40.99.186] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 16 Apr 2019 11:07:56 -0400, Alan Stern wrote: > On Tue, 16 Apr 2019, zhuyan (M) wrote: > > On Tue, 16 Apr 2019 at 11:45:45 +0200, Greg KH wrote: > > > On Tue, Apr 09, 2019 at 10:37:12PM +0800, zhuyan wrote: > > > > In function fhci_queue_urb, the divisor of expression > > > > (urb->transfer_buffer_length % usb_maxpacket(urb->dev, urb->pipe, > > > > usb_pipeout(urb->pipe))) may be zero. > > > > > > How can you hit that? > > > > > > > When it is zero, unexpected results may occur, so it is necessary > > > > to ensure that the divisor is not zero. > > > > > > > > Signed-off-by: zhuyan > > > > > > I need a "Full" name here, not just a single name. Whatever you use to sign documents is good. > > > > > > thanks, > > > > > > greg k-h > > > > In function usb_maxpacket, when ep is NULL, its return value is 0. > > fhci_queue_urb() shouldn't use urb->pipe to compute the maxpacket size > anyway. It should use usb_endpoint_maxp(&urb->ep->desc). Currently, fhci_queue_urb(), call usb_maxpacket() multiple times to calculate the maxpacket size. The usb_maxpacket() will call usb_endpoint_maxp() to compute the maxpacket size. zhuyan > > Then, in function fhci_queue_urb, the divisor of expression > > (urb->transfer_buffer_length % usb_maxpacket(urb->dev, urb->pipe, > > usb_pipeout(urb->pipe))) is zero. It will lead to unpredictable results.