From: Hans de Goede Date: Sat, 13 Sep 2014 10:26:33 +0000 (+0200) Subject: uas: Check against unexpected completions X-Git-Tag: firefly_0821_release~176^2~3122^2~79 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d89da03acec19b39506f3ef32e09134b50b4adb9;p=firefly-linux-kernel-4.4.55.git uas: Check against unexpected completions The status urb should not complete before the command has been submitted, nor should we get a second status urb for the same tag after a IU_ID_STATUS. Data urbs should not complete before the command has been submitted, but may complete after the IU_ID_STATUS. Signed-off-by: Hans de Goede Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index 33db53f1ce9e..7f56f31ed661 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -371,6 +371,12 @@ static void uas_stat_cmplt(struct urb *urb) cmnd = devinfo->cmnd[idx]; cmdinfo = (void *)&cmnd->SCp; + + if (!(cmdinfo->state & COMMAND_INFLIGHT)) { + scmd_printk(KERN_ERR, cmnd, "unexpected status cmplt\n"); + goto out; + } + switch (iu->iu_id) { case IU_ID_STATUS: if (urb->actual_length < 16) @@ -436,6 +442,12 @@ static void uas_data_cmplt(struct urb *urb) if (devinfo->resetting) goto out; + /* Data urbs should not complete before the cmd urb is submitted */ + if (cmdinfo->state & SUBMIT_CMD_URB) { + scmd_printk(KERN_ERR, cmnd, "unexpected data cmplt\n"); + goto out; + } + if (urb->status) { if (urb->status != -ECONNRESET) { uas_log_cmd_state(cmnd, __func__);