From: Matthew Dillon Date: Sat, 29 Apr 2006 22:05:21 +0000 (+0000) Subject: Bring in some fixes from NetBSD: X-Git-Tag: v2.0.1~5014 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/6000a600c26d1a35f2c9c6d4eb01a260482b8f10 Bring in some fixes from NetBSD: - Avoid NULL pointer dereference (ehci.c) - Abort quickly if we don't have a buffer in all the cases. (uhci.c) - Only do the software reset if we are dying, like we do in ohci and ehci (uhci.c) Submitted-by: Gary Taken-from: NetBSD --- diff --git a/sys/bus/usb/ehci.c b/sys/bus/usb/ehci.c index 6ec9dfac8f..1f6de150c7 100644 --- a/sys/bus/usb/ehci.c +++ b/sys/bus/usb/ehci.c @@ -1,7 +1,7 @@ /* * $NetBSD: ehci.c,v 1.67 2004/07/06 04:18:05 mycroft Exp $ * $FreeBSD: src/sys/dev/usb/ehci.c,v 1.5 2003/11/10 00:20:52 joe Exp $ - * $DragonFly: src/sys/bus/usb/ehci.c,v 1.18 2006/04/23 03:07:58 dillon Exp $ + * $DragonFly: src/sys/bus/usb/ehci.c,v 1.19 2006/04/29 22:05:21 dillon Exp $ */ /* @@ -1575,6 +1575,8 @@ ehci_root_ctrl_start(usbd_xfer_handle xfer) break; case C(UR_GET_DESCRIPTOR, UT_READ_DEVICE): DPRINTFN(8,("ehci_root_ctrl_start wValue=0x%04x\n", value)); + if (len == 0) + break; switch(value >> 8) { case UDESC_DEVICE: if ((value & 0xff) != 0) { @@ -1623,8 +1625,6 @@ ehci_root_ctrl_start(usbd_xfer_handle xfer) memcpy(buf, &ehci_endpd, l); break; case UDESC_STRING: - if (len == 0) - break; *(u_int8_t *)buf = 0; totlen = 1; switch (value & 0xff) { @@ -1753,6 +1753,8 @@ ehci_root_ctrl_start(usbd_xfer_handle xfer) #endif break; case C(UR_GET_DESCRIPTOR, UT_READ_CLASS_DEVICE): + if (len == 0) + break; if ((value & 0xff) != 0) { err = USBD_IOERROR; goto ret; diff --git a/sys/bus/usb/ohci.c b/sys/bus/usb/ohci.c index 6412d1e556..99c16587a9 100644 --- a/sys/bus/usb/ohci.c +++ b/sys/bus/usb/ohci.c @@ -1,7 +1,7 @@ /* * $NetBSD: ohci.c,v 1.138 2003/02/08 03:32:50 ichiro Exp $ * $FreeBSD: src/sys/dev/usb/ohci.c,v 1.141 2003/12/22 15:40:10 shiba Exp $ - * $DragonFly: src/sys/bus/usb/ohci.c,v 1.12 2005/07/18 19:20:46 dillon Exp $ + * $DragonFly: src/sys/bus/usb/ohci.c,v 1.13 2006/04/29 22:05:21 dillon Exp $ */ /* Also, already ported: * $NetBSD: ohci.c,v 1.140 2003/05/13 04:42:00 gson Exp $ @@ -2274,6 +2274,7 @@ ohci_abort_xfer(usbd_xfer_handle xfer, usbd_status status) usb_uncallout(xfer->timeout_handle, ohci_timeout, xfer); usb_transfer_complete(xfer); crit_exit(); + return; } if (xfer->device->bus->intr_context /* || !curproc REMOVED DFly */) diff --git a/sys/bus/usb/uhci.c b/sys/bus/usb/uhci.c index 6d2f280121..11213ff320 100644 --- a/sys/bus/usb/uhci.c +++ b/sys/bus/usb/uhci.c @@ -2,7 +2,7 @@ * $NetBSD: uhci.c,v 1.80 2000/01/19 01:16:38 augustss Exp $ * $NetBSD: uhci.c,v 1.170 2003/02/19 01:35:04 augustss Exp $ * $FreeBSD: src/sys/dev/usb/uhci.c,v 1.149 2003/11/10 00:08:41 joe Exp $ - * $DragonFly: src/sys/bus/usb/uhci.c,v 1.12 2005/06/02 20:40:40 dillon Exp $ + * $DragonFly: src/sys/bus/usb/uhci.c,v 1.13 2006/04/29 22:05:21 dillon Exp $ */ /* Also already incorporated from NetBSD: @@ -1150,13 +1150,13 @@ uhci_intr(void *arg) if (sc->sc_dying) return (0); - DPRINTFN(15,("uhci_intr: real interrupt\n")); if (sc->sc_bus.use_polling) { #ifdef DIAGNOSTIC - printf("uhci_intr: ignored interrupt while polling\n"); + DPRINTFN(16, ("uhci_intr: ignored interrupt while polling\n")); #endif return (0); } + return (uhci_intr1(sc)); } @@ -1964,6 +1964,7 @@ uhci_abort_xfer(usbd_xfer_handle xfer, usbd_status status) #endif usb_transfer_complete(xfer); crit_exit(); + return; } /* Close a device bulk pipe. */ @@ -3161,6 +3162,8 @@ uhci_root_ctrl_start(usbd_xfer_handle xfer) break; case C(UR_GET_DESCRIPTOR, UT_READ_DEVICE): DPRINTFN(2,("uhci_root_ctrl_control wValue=0x%04x\n", value)); + if (len == 0) + break; switch(value >> 8) { case UDESC_DEVICE: if ((value & 0xff) != 0) { @@ -3190,8 +3193,6 @@ uhci_root_ctrl_start(usbd_xfer_handle xfer) memcpy(buf, &uhci_endpd, l); break; case UDESC_STRING: - if (len == 0) - break; *(u_int8_t *)buf = 0; totlen = 1; switch (value & 0xff) { @@ -3323,6 +3324,8 @@ uhci_root_ctrl_start(usbd_xfer_handle xfer) } break; case C(UR_GET_DESCRIPTOR, UT_READ_CLASS_DEVICE): + if (len == 0) + break; if (value != 0) { err = USBD_IOERROR; goto ret;