Date: Wed, 17 Apr 2019 09:45:04 -0400 (EDT)
From: Alan Stern
To: "zhuyan (M)"
cc: Greg KH, "anton@enomsg.org", "linux-usb@vger.kernel.org", "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH] usb:host: fix divide-by-zero in function fhci_queue_urb

On Wed, 17 Apr 2019, zhuyan (M) wrote:

> On Tue, 16 Apr 2019 11:07:56 -0400, Alan Stern wrote:
>
> > On Tue, 16 Apr 2019, zhuyan (M) wrote:
> > > On Tue, 16 Apr 2019 at 11:45:45 +0200, Greg KH wrote:
> > > > On Tue, Apr 09, 2019 at 10:37:12PM +0800, zhuyan wrote:
> > > > > In function fhci_queue_urb, the divisor of expression
> > > > > (urb->transfer_buffer_length % usb_maxpacket(urb->dev, urb->pipe,
> > > > > usb_pipeout(urb->pipe))) may be zero.
> > > >
> > > > How can you hit that?
> > > >
> > > > > When it is zero, unexpected results may occur, so it is necessary
> > > > > to ensure that the divisor is not zero.
> > > > >
> > > > > Signed-off-by: zhuyan
> > > >
> > > > I need a "Full" name here, not just a single name. Whatever you use
> > > > to sign documents is good.
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > >
> > > In function usb_maxpacket, when ep is NULL, its return value is 0.
> >
> > fhci_queue_urb() shouldn't use urb->pipe to compute the maxpacket size
> > anyway. It should use usb_endpoint_maxp(&urb->ep->desc).
>
> Currently, fhci_queue_urb() calls usb_maxpacket() multiple times to calculate
> the maxpacket size. The usb_maxpacket() will call usb_endpoint_maxp() to
> compute the maxpacket size.

I know that. What fhci_queue_urb() is doing is wrong. You should
change it: Make it call usb_endpoint_maxp directly instead of calling
usb_maxpacket.

Alan Stern
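
Added example, not part of the message above and not kernel code: a user-space C model of the two lookups discussed in the thread, showing the pipe-based lookup returning 0 for an unpopulated endpoint slot and the modulus being refused instead of evaluated. The structs and the names `model_maxpacket`, `model_endpoint_maxp` and `tail_bytes` are hypothetical stand-ins, and the sample sizes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumptions for this model). */
struct ep_desc { uint16_t wMaxPacketSize; };
struct host_ep { struct ep_desc desc; };
struct device  { struct host_ep *ep_out[16]; };

/* Models usb_endpoint_maxp(): low 11 bits of wMaxPacketSize (byte order ignored). */
static unsigned model_endpoint_maxp(const struct ep_desc *d)
{
    return d->wMaxPacketSize & 0x07ff;
}

/* Models the usb_maxpacket() behaviour quoted in the thread: the endpoint is
 * looked up by number, and a NULL endpoint yields 0. */
static unsigned model_maxpacket(const struct device *dev, unsigned epnum)
{
    const struct host_ep *ep = dev->ep_out[epnum & 15];
    return ep ? model_endpoint_maxp(&ep->desc) : 0;
}

/* len % maxp, or -1 when maxp is 0 and the modulus must not be evaluated. */
static long tail_bytes(uint32_t len, unsigned maxp)
{
    return maxp ? (long)(len % maxp) : -1;
}

/* Lookup by endpoint number on a slot that was never populated: maxp is 0. */
static long demo_pipe_lookup_missing_ep(void)
{
    struct device dev = { { NULL } };
    return tail_bytes(130, model_maxpacket(&dev, 2));
}

/* Lookup through the endpoint descriptor itself (constructed 64-byte endpoint). */
static long demo_descriptor_lookup(void)
{
    struct host_ep ep = { { 64 } };
    return tail_bytes(130, model_endpoint_maxp(&ep.desc));
}

int main(void)
{
    printf("pipe lookup, missing endpoint: %ld\n", demo_pipe_lookup_missing_ep());
    printf("descriptor lookup, 130 %% 64:   %ld\n", demo_descriptor_lookup());
    return 0;
}
```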