Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4498391yba;
        Wed, 17 Apr 2019 12:50:21 -0700 (PDT)
X-Google-Smtp-Source: APXvYqw6+he+JxgIvF2q3tDAq6QvmAJEF7nPfcbDel0gnkOOfZL/z1Y+YG6MznYQ9Hrs3uPgqSZn
X-Received: by 2002:a65:43c3:: with SMTP id n3mr86694666pgp.375.1555530621033;
        Wed, 17 Apr 2019 12:50:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1555530621; cv=none;
        d=google.com; s=arc-20160816;
        b=xz3T9kL/rtHivCiK9+ms+k2Dwi+RLwY8b7USUG9aouZa8dCa/t6Zc0GAdkfagqm/nF
         VGAIytY8y1ZQgnRerg6F3Lg4UzpMgsANdJDcgN6EMBvG/VdyZH/pEhi+r3bPW8OhdhuC
         6OWd/1R/2IaafuGjNknOPMDNEyRu/g4oulqzs0kx6wwDHpDECgbqGtHzFDwfudLcg+hB
         ZYNkP0QSH1hkO7uxnLaiYMFF1uN2hAAIfCNkAXeatMHQADoqvtlzMLUKPb9swoPTzoK1
         u7Jr6OTNaAUM9UhPuzzB5z87ex2m6g9UYdn/b1Im0Qq4rmryJLhyqR+3bh5be7OntWyr
         762A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=fVRLMFVlP4aoyOPai3vG4YJQ6Jt3XdrQ48WHWg7vQRE=;
        b=SCC53XAmAffMyO5gDVrnGl1upksTQhLMurGGFjbLxF6mE+jYpLKnb91G/lHOiST0B4
         WF84xNAhFJQC4uCM0v6ed+s/+fEwEtrJS7rwH9fZ0ZwtWKgkKIVbHGCyEnShnJCzAw7U
         3RzB41nvE9nk3DdKn0DqGG5ErmOOdJLImn4iRsWy/MbkACFQaISqvmwNYB8rB8Pv9L7S
         2p5Vn4u9+ymZRPWY9rbqwdm2W/9I/H5tQAlR6nWMQGfsmvrb+WIBZYxCPFww0NZk9vLy
         3g8FhlkBx2z9r/8HKk3SvWIF85EhKV4ZLdqtNLV9mlYiXQ4bDr/oTO/7UjxKPUqrk48u
         OlJA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=KtAHVKGe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q9si45096962pgv.542.2019.04.17.12.50.05;
        Wed, 17 Apr 2019 12:50:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=KtAHVKGe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1733275AbfDQTtG (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Wed, 17 Apr 2019 15:49:06 -0400
Received: from mail.kernel.org ([198.145.29.99]:50098 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729779AbfDQTtG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 17 Apr 2019 15:49:06 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 17793205C9;
        Wed, 17 Apr 2019 19:49:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1555530545;
        bh=LIfKUoGrsM+QwrdYm+u54524zcfDJvUPW/bsafPuppo=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=KtAHVKGesQ1yT67p//eq3tjBwVuozoJkYYJalUHQ2sdLn4PjfhGU/07OrqtO/dqas
         50fKhzhRxrU7h5zARGrMFxkC4LSm1nKPpplSiQbV8Q7ULXtQJ0bnVkvAoopGOCwiDk
         lNwohGRvhGR5iHYSTG5/Dssp0ArdYvPS1rWsizHQ=
Date:   Wed, 17 Apr 2019 21:49:03 +0200
From:   Greg KH <gregkh@linuxfoundation.org>
To:     "zhuyan (M)" <zhuyan34@huawei.com>
Cc:     Alan Stern <stern@rowland.harvard.edu>,
        "anton@enomsg.org" <anton@enomsg.org>,
        "linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] usb:host: fix divide-by-zero in function
 fhci_queue_urb
Message-ID: <20190417194903.GD28125@kroah.com>
References: <63401dc56ae64aa3a428c4bb8a84034e@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <63401dc56ae64aa3a428c4bb8a84034e@huawei.com>
User-Agent: Mutt/1.11.4 (2019-03-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 17, 2019 at 05:05:33PM +0000, zhuyan (M) wrote:
> On Wed, 17 Apr 2019, Alan Stern wrote:
> 
> > On Wed, 17 Apr 2019, zhuyan (M) wrote:
> > 
> > > On Tue, 16 Apr 2019 11:07:56 -0400, Alan Stern wrote:
> > > 
> > > > On Tue, 16 Apr 2019, zhuyan (M) wrote:
> > > > > On Tue, 16 Apr 2019 at 11:45:45 +0200, Greg KH wrote:
> > > > > > On Tue, Apr 09, 2019 at 10:37:12PM +0800, zhuyan wrote:
> > > > > > > In function fhci_queue_urb, the divisor of expression 
> > > > > > > (urb->transfer_buffer_length % usb_maxpacket(urb->dev, 
> > > > > > > urb->pipe,
> > > > > > > usb_pipeout(urb->pipe))) may be zero.
> > > > > > 
> > > > > > How can you hit that?
> > > > > > 
> > > > > > > When it is zero, unexpected results may occur, so it is 
> > > > > > > necessary to ensure that the divisor is not zero.
> > > > > > > 
> > > > > > > Signed-off-by: zhuyan <zhuyan34@huawei.com>
> > > > > > 
> > > > > > I need a "Full" name here, not just a single name.  Whatever you use to sign documents is good.
> > > > > > 
> > > > > > thanks,
> > > > > > 
> > > > > > greg k-h
> > > > > 
> > > > > In function usb_maxpacket, when ep is NULL, its return value is 0.  
> > > > 
> > > > fhci_queue_urb() shouldn't use urb->pipe to compute the maxpacket 
> > > > size anyway.  It should use usb_endpoint_maxp(&urb->ep->desc).
> > > 
> > > Currently, fhci_queue_urb(), call usb_maxpacket() multiple times to 
> > > calculate  the maxpacket size. The usb_maxpacket() will call 
> > > usb_endpoint_maxp() to compute the maxpacket size.
> > 
> > I know that.  What fhci_queue_urb() is doing is wrong.  You should change it: 
> > Make it call usb_endpoint_maxp directly instead of calling usb_maxpacket.
> > 
> 
> >From 1996456d0cc17b5ff7746a598ff355b25d13db3e Mon Sep 17 00:00:00 2001
> From: zhuyan <zhuyan34@huawei.com>
> Date: Thu, 18 Apr 2019 00:53:03 +0800
> Subject: [PATCH] usb: host: fix divide-by-zero in function fhci_queue_urb
> 
> fhci_queue_urb() shouldn't use urb->pipe to compute the maxpacket
> size anyway.It should use usb_endpoint_maxp(&urb->ep->desc).
> 
> In function fhci_queue_urb, the divisor of expression
> (urb->transfer_buffer_length % usb_maxpacket(urb->dev, urb->pipe,
> usb_pipeout(urb->pipe))) may be zero. When it is zero, unexpected results
> may occur, so it is necessary to ensure that the divisor is not zero.
> 
> Signed-off-by: zhuyan <zhuyan34@huawei.com>

I still need a full name here and on the From: line :(

thanks,

greg k-h