[Kernel] Re: [PATCH OpenHarmony-5.10 02/18] USB: gadget: bRequestType is a bitfield, not a enum

在 2022/1/24 9:03, yiyuchangchun@126.com 写道:

From: Greg Kroah-Hartman

mainline inclusion form mainline-v5.16-rc6 commit f08adf5add9a071160c68bb2a61d697f39ab0758 issue: #I4RVJ4 CVE: CVE-2021-39685

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

Signed-off-by: Yu Changchun --------------------------------

Szymon rightly pointed out that the previous check for the endpoint direction in bRequestType was not looking at only the bit involved, but rather the whole value. Normally this is ok, but for some request types, bits other than bit 8 could be set and the check for the endpoint length could not stall correctly.

Fix that up by only checking the single bit.

Fixes: 153a2d7e3350 ("USB: gadget: detect too-big endpoint 0 requests") Cc: Felipe Balbi Reported-by: Szymon Heidrich Link: https://lore.kernel.org/r/20211214184621.385828-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chen Jun Signed-off-by: Zheng Zengkai Signed-off-by: Yu Changchun ---

Reviewed-by: Wei Yongjun