From owner-dev-commits-src-all@freebsd.org Tue Sep 28 07:33:42 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 86CC767896C; Tue, 28 Sep 2021 07:33:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HJWTL2sNHz4ZFJ; Tue, 28 Sep 2021 07:33:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 34C1220980; Tue, 28 Sep 2021 07:33:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 18S7XgXO089348; Tue, 28 Sep 2021 07:33:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 18S7Xgqx089346; Tue, 28 Sep 2021 07:33:42 GMT (envelope-from git) Date: Tue, 28 Sep 2021 07:33:42 GMT Message-Id: <202109280733.18S7Xgqx089346@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Wojciech Macek Subject: git: 87e560496fc1 - stable/13 - ued may be NULL here which will cause a panic... reproducable by simply doing a usbconfig reset on a device which doesn't reset itself properly... MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wma X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 87e560496fc11391cd170c84b42f107f630653d5 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Sep 2021 07:33:42 -0000 The branch stable/13 has been updated by wma: URL: https://cgit.FreeBSD.org/src/commit/?id=87e560496fc11391cd170c84b42f107f630653d5 commit 87e560496fc11391cd170c84b42f107f630653d5 Author: John-Mark Gurney AuthorDate: 2021-06-29 01:09:14 +0000 Commit: Wojciech Macek CommitDate: 2021-09-28 07:03:48 +0000 ued may be NULL here which will cause a panic... reproducable by simply doing a usbconfig reset on a device which doesn't reset itself properly... (cherry picked from commit 3d5104182c2eb4336905e89aa0d089b67aa746e3) --- sys/dev/usb/net/if_cdce.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sys/dev/usb/net/if_cdce.c b/sys/dev/usb/net/if_cdce.c index 64c31896d417..24813ea305e4 100644 --- a/sys/dev/usb/net/if_cdce.c +++ b/sys/dev/usb/net/if_cdce.c @@ -709,18 +709,18 @@ alloc_transfers: if ((ued == NULL) || (ued->bLength < sizeof(*ued))) { error = USB_ERR_INVAL; } else { + /* + * ECM 1.2 doesn't say it excludes the CRC, but states that it's + * normally 1514, which excludes the CRC. + */ + DPRINTF("max segsize: %d\n", UGETW(ued->wMaxSegmentSize)); + if (UGETW(ued->wMaxSegmentSize) >= (ETHER_MAX_LEN - ETHER_CRC_LEN + ETHER_VLAN_ENCAP_LEN)) + sc->sc_flags |= CDCE_FLAG_VLAN; + error = usbd_req_get_string_any(uaa->device, NULL, eaddr_str, sizeof(eaddr_str), ued->iMacAddress); } - /* - * ECM 1.2 doesn't say it excludes the CRC, but states that it's - * normally 1514, which excludes the CRC. - */ - DPRINTF("max segsize: %d\n", UGETW(ued->wMaxSegmentSize)); - if (UGETW(ued->wMaxSegmentSize) >= (ETHER_MAX_LEN - ETHER_CRC_LEN + ETHER_VLAN_ENCAP_LEN)) - sc->sc_flags |= CDCE_FLAG_VLAN; - if (error) { /* fake MAC address */