USB: ipaq: fix oops when device is plugged in

This patch (as1293) fixes a problem with the ipaq serial driver.  It
tries to bind to all the interfaces, even those that don't have enough
endpoints.  The symptom is an invalid memory reference and oops when
the device is plugged in.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: stable <stable@kernel.org>
Tested-by: Matthias Geissert <geissert@mathematik.tu-darmstadt.de>
Tested-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/usb/serial/ipaq.c b/drivers/usb/serial/ipaq.c
index 24fcc64..d6231c3 100644 (file)
--- a/drivers/usb/serial/ipaq.c
+++ b/drivers/usb/serial/ipaq.c
@@ -966,6 +966,15 @@ static int ipaq_calc_num_ports(struct usb_serial *serial)
 static int ipaq_startup(struct usb_serial *serial)
 {
        dbg("%s", __func__);
 static int ipaq_startup(struct usb_serial *serial)
 {
        dbg("%s", __func__);

+
+       /* Some of the devices in ipaq_id_table[] are composite, and we
+        * shouldn't bind to all the interfaces.  This test will rule out
+        * some obviously invalid possibilities.
+        */
+       if (serial->num_bulk_in < serial->num_ports ||
+                       serial->num_bulk_out < serial->num_ports)
+               return -ENODEV;
+

        if (serial->dev->actconfig->desc.bConfigurationValue != 1) {
                /*
                 * FIXME: HP iPaq rx3715, possibly others, have 1 config that
        if (serial->dev->actconfig->desc.bConfigurationValue != 1) {
                /*
                 * FIXME: HP iPaq rx3715, possibly others, have 1 config that