[SLOF] [PATCH v3 2/5] usb: Increase amount of maximum slot IDs and add a sanity check

Thomas Huth thuth at redhat.com
Tue Aug 2 20:58:06 AEST 2016


SLOF should be able to support more than just four devices on
the four root hub ports. So we've got to increase the amount of
possible slot IDs. Since QEMU supports up to 44 devices (four
devices at the root ports + 5 tiers of hubs with 8 ports each),
this seems to be a good new value instead. And to make sure that
we do not accidentially get a buffer overflow when accessing the
xhcd->xdevs[slot_id] array, this patch also add a sanity check at
the beginning of the xhci_alloc_dev() function here.

Signed-off-by: Thomas Huth <thuth at redhat.com>
Reviewed-by: Nikunj A Dadhania <nikunj at linux.vnet.ibm.com>
---
 v3: Change dprintf() into printf()

 lib/libusb/usb-xhci.c | 6 ++++++
 lib/libusb/usb-xhci.h | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/libusb/usb-xhci.c b/lib/libusb/usb-xhci.c
index b59fd40..eda5929 100644
--- a/lib/libusb/usb-xhci.c
+++ b/lib/libusb/usb-xhci.c
@@ -539,6 +539,12 @@ static bool xhci_alloc_dev(struct xhci_hcd *xhcd, uint32_t slot_id, uint32_t por
 	uint16_t max_packet;
 	uint32_t newport;
 
+	if (slot_id > XHCI_CONFIG_MAX_SLOT) {
+		printf("USB3 slot ID %d is too high (max is %d)\n", slot_id,
+			XHCI_CONFIG_MAX_SLOT);
+		return false;
+	}
+
 	ctx_size = CTX_SIZE(xhcd->hcc_csz_64);
 	xdev = &xhcd->xdevs[slot_id];
 	xdev->slot_id = slot_id;
diff --git a/lib/libusb/usb-xhci.h b/lib/libusb/usb-xhci.h
index b02fcbf..793f18c 100644
--- a/lib/libusb/usb-xhci.h
+++ b/lib/libusb/usb-xhci.h
@@ -126,7 +126,7 @@ struct xhci_op_regs {
 #define XHCI_DCBAAP_MAX_SIZE      2048
 
 	uint32_t config;         /* Configure */
-#define XHCI_CONFIG_MAX_SLOT      4
+#define XHCI_CONFIG_MAX_SLOT      44
 
 	uint8_t reserved2[964]; /* 3C - 3FF */
 	/* USB Port register set */
-- 
1.8.3.1



More information about the SLOF mailing list