Date: Fri, 04 Oct 2024 03:26:19 +0000 From: bugzilla-noreply@freebsd.org To: usb@FreeBSD.org Subject: [Bug 281843] "check for in-use endpoints" code in usb_config_parse() is missing an increment Message-ID: <bug-281843-19105@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281843 Bug ID: 281843 Summary: "check for in-use endpoints" code in usb_config_parse() is missing an increment Product: Base System Version: 13.3-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: usb Assignee: usb@FreeBSD.org Reporter: mhjacobson@me.com sys/dev/usb/usb_device.c:846 (in usb_config_parse()): ``` /* check for in-use endpoints */ if (cmd =3D=3D USB_CFG_INIT) { ep =3D udev->endpoints; ep_max =3D udev->endpoints_max; while (ep_max--) { /* look for matching endpoints */ if (iface_index =3D=3D USB_IFACE_INDEX_ANY = || iface_index =3D=3D ep->iface_index) { if (ep->refcount_alloc !=3D 0) return (USB_ERR_IN_USE); } } } ``` This code is missing an `ep++`. See the similar loop below, which does have the increment. I'm hitting a panic that seems to be caused by changing alternate interface index while transfers are outstanding, which this code is supposed to preve= nt.=20 I suspect (but don't know for sure) that this is at least part of the probl= em. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-281843-19105>