USB: ipaq: fix oops when device is plugged in

This patch (as1293) fixes a problem with the ipaq serial driver.  It
tries to bind to all the interfaces, even those that don't have enough
endpoints.  The symptom is an invalid memory reference and oops when
the device is plugged in.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: stable <stable@kernel.org>
Tested-by: Matthias Geissert <geissert@mathematik.tu-darmstadt.de>
Tested-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/usb/serial/ipaq.c b/drivers/usb/serial/ipaq.c
index 24fcc64b837d443d01c660ddccf93288fb407d43..d6231c38813e41d7b3072312907fcb33067de2d4 100644 (file)
--- a/drivers/usb/serial/ipaq.c
+++ b/drivers/usb/serial/ipaq.c
@@ -966,6 +966,15 @@ static int ipaq_calc_num_ports(struct usb_serial *serial)
 static int ipaq_startup(struct usb_serial *serial)
 {
        dbg("%s", __func__);
+
+       /* Some of the devices in ipaq_id_table[] are composite, and we
+        * shouldn't bind to all the interfaces.  This test will rule out
+        * some obviously invalid possibilities.
+        */
+       if (serial->num_bulk_in < serial->num_ports ||
+                       serial->num_bulk_out < serial->num_ports)
+               return -ENODEV;
+
        if (serial->dev->actconfig->desc.bConfigurationValue != 1) {
                /*
                 * FIXME: HP iPaq rx3715, possibly others, have 1 config that