Bring in some fixes from NetBSD:
authorMatthew Dillon <dillon@dragonflybsd.org>
Sat, 29 Apr 2006 22:05:21 +0000 (22:05 +0000)
committerMatthew Dillon <dillon@dragonflybsd.org>
Sat, 29 Apr 2006 22:05:21 +0000 (22:05 +0000)
- Avoid NULL pointer dereference (ehci.c)
- Abort quickly if we don't have a buffer in all the cases. (uhci.c)
- Only do the software reset if we are dying, like we do in ohci and
  ehci (uhci.c)

Submitted-by: Gary <gary@velocity-servers.net>
Taken-from: NetBSD

sys/bus/usb/ehci.c
sys/bus/usb/ohci.c
sys/bus/usb/uhci.c

index 6ec9dfa..1f6de15 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * $NetBSD: ehci.c,v 1.67 2004/07/06 04:18:05 mycroft Exp $
  * $FreeBSD: src/sys/dev/usb/ehci.c,v 1.5 2003/11/10 00:20:52 joe Exp $
- * $DragonFly: src/sys/bus/usb/ehci.c,v 1.18 2006/04/23 03:07:58 dillon Exp $
+ * $DragonFly: src/sys/bus/usb/ehci.c,v 1.19 2006/04/29 22:05:21 dillon Exp $
  */
 
 /*
@@ -1575,6 +1575,8 @@ ehci_root_ctrl_start(usbd_xfer_handle xfer)
                break;
        case C(UR_GET_DESCRIPTOR, UT_READ_DEVICE):
                DPRINTFN(8,("ehci_root_ctrl_start wValue=0x%04x\n", value));
+               if (len == 0)
+                       break;
                switch(value >> 8) {
                case UDESC_DEVICE:
                        if ((value & 0xff) != 0) {
@@ -1623,8 +1625,6 @@ ehci_root_ctrl_start(usbd_xfer_handle xfer)
                        memcpy(buf, &ehci_endpd, l);
                        break;
                case UDESC_STRING:
-                       if (len == 0)
-                               break;
                        *(u_int8_t *)buf = 0;
                        totlen = 1;
                        switch (value & 0xff) {
@@ -1753,6 +1753,8 @@ ehci_root_ctrl_start(usbd_xfer_handle xfer)
 #endif
                break;
        case C(UR_GET_DESCRIPTOR, UT_READ_CLASS_DEVICE):
+               if (len == 0)
+                       break;
                if ((value & 0xff) != 0) {
                        err = USBD_IOERROR;
                        goto ret;
index 6412d1e..99c1658 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * $NetBSD: ohci.c,v 1.138 2003/02/08 03:32:50 ichiro Exp $
  * $FreeBSD: src/sys/dev/usb/ohci.c,v 1.141 2003/12/22 15:40:10 shiba Exp $
- * $DragonFly: src/sys/bus/usb/ohci.c,v 1.12 2005/07/18 19:20:46 dillon Exp $
+ * $DragonFly: src/sys/bus/usb/ohci.c,v 1.13 2006/04/29 22:05:21 dillon Exp $
  */
 /* Also, already ported:
  *     $NetBSD: ohci.c,v 1.140 2003/05/13 04:42:00 gson Exp $
@@ -2274,6 +2274,7 @@ ohci_abort_xfer(usbd_xfer_handle xfer, usbd_status status)
                usb_uncallout(xfer->timeout_handle, ohci_timeout, xfer);
                usb_transfer_complete(xfer);
                crit_exit();
+               return;
        }
 
        if (xfer->device->bus->intr_context /* || !curproc REMOVED DFly */)
index 6d2f280..11213ff 100644 (file)
@@ -2,7 +2,7 @@
  * $NetBSD: uhci.c,v 1.80 2000/01/19 01:16:38 augustss Exp $
  * $NetBSD: uhci.c,v 1.170 2003/02/19 01:35:04 augustss Exp $
  * $FreeBSD: src/sys/dev/usb/uhci.c,v 1.149 2003/11/10 00:08:41 joe Exp $
- * $DragonFly: src/sys/bus/usb/uhci.c,v 1.12 2005/06/02 20:40:40 dillon Exp $
+ * $DragonFly: src/sys/bus/usb/uhci.c,v 1.13 2006/04/29 22:05:21 dillon Exp $
  */
 
 /*     Also already incorporated from NetBSD:
@@ -1150,13 +1150,13 @@ uhci_intr(void *arg)
        if (sc->sc_dying)
                return (0);
 
-       DPRINTFN(15,("uhci_intr: real interrupt\n"));
        if (sc->sc_bus.use_polling) {
 #ifdef DIAGNOSTIC
-               printf("uhci_intr: ignored interrupt while polling\n");
+               DPRINTFN(16, ("uhci_intr: ignored interrupt while polling\n"));
 #endif
                return (0);
        }
+
        return (uhci_intr1(sc));
 }
 
@@ -1964,6 +1964,7 @@ uhci_abort_xfer(usbd_xfer_handle xfer, usbd_status status)
 #endif
        usb_transfer_complete(xfer);
        crit_exit();
+       return;
 }
 
 /* Close a device bulk pipe. */
@@ -3161,6 +3162,8 @@ uhci_root_ctrl_start(usbd_xfer_handle xfer)
                break;
        case C(UR_GET_DESCRIPTOR, UT_READ_DEVICE):
                DPRINTFN(2,("uhci_root_ctrl_control wValue=0x%04x\n", value));
+               if (len == 0)
+                       break;
                switch(value >> 8) {
                case UDESC_DEVICE:
                        if ((value & 0xff) != 0) {
@@ -3190,8 +3193,6 @@ uhci_root_ctrl_start(usbd_xfer_handle xfer)
                        memcpy(buf, &uhci_endpd, l);
                        break;
                case UDESC_STRING:
-                       if (len == 0)
-                               break;
                        *(u_int8_t *)buf = 0;
                        totlen = 1;
                        switch (value & 0xff) {
@@ -3323,6 +3324,8 @@ uhci_root_ctrl_start(usbd_xfer_handle xfer)
                }
                break;
        case C(UR_GET_DESCRIPTOR, UT_READ_CLASS_DEVICE):
+               if (len == 0)
+                       break;
                if (value != 0) {
                        err = USBD_IOERROR;
                        goto ret;