[PATCH openEuler-1.0-LTS 2/2] comedi: vmk80xx: fix expression for tx buffer size

27 May 2024

From: Ian Abbott abbotti@mev.co.uk
stable inclusion
from stable-v4.19.249
commit 8b65a17d21412bd20e04d110b0e4bfed1ff0cb80
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RD17
CVE: CVE-2021-47475
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 242439f7e279d86b3f73b5de724bc67b2f8aeb07 upstream.
The expression for setting the size of the allocated bulk TX buffer
(`devpriv->usb_tx_buf`) is calling `usb_endpoint_maxp(devpriv->ep_rx)`,
which is using the wrong endpoint (should be `devpriv->ep_tx`).  Fix it.
Fixes: a23461c47482 ("comedi: vmk80xx: fix transfer-buffer overflow")
Cc: Johan Hovold johan@kernel.org
Cc: stable@vger.kernel.org # 4.9+
Reviewed-by: Johan Hovold johan@kernel.org
Signed-off-by: Ian Abbott abbotti@mev.co.uk
Link: https://lore.kernel.org/r/20220607171819.4121-1-abbotti@mev.co.uk
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Cai Xinchen caixinchen1@huawei.com
---
 drivers/staging/comedi/drivers/vmk80xx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/comedi/drivers/vmk80xx.c b/drivers/staging/comedi/drivers/vmk80xx.c
index 40a122e12610..2bbfaf54220e 100644
--- a/drivers/staging/comedi/drivers/vmk80xx.c
+++ b/drivers/staging/comedi/drivers/vmk80xx.c
@@ -671,7 +671,7 @@ static int vmk80xx_alloc_usb_buffers(struct comedi_device *dev)
    if (!devpriv->usb_rx_buf)
    	return -ENOMEM;
-	size = max(usb_endpoint_maxp(devpriv->ep_rx), MIN_BUF_SIZE);
+	size = max(usb_endpoint_maxp(devpriv->ep_tx), MIN_BUF_SIZE);
    devpriv->usb_tx_buf = kzalloc(size, GFP_KERNEL);
    if (!devpriv->usb_tx_buf)
    	return -ENOMEM;
-- 
2.34.1


    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-1.0-LTS 2/2] comedi: vmk80xx: fix expression for tx buffer size