usb: ehci: Use endpoint in URB to get maxpacket

usb_maxpacket() looks up the endpoint number in the pipe which can fail
if the interface or configuration changes before the routine is called.
This is unexpected and may even cause a modulo by zero afterwards.

So use usb_endpoint_maxp() routine which uses the endpoint stored in URB
to get the maxpacket.

Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Khalid Masum <khalid.masum.92@gmail.com>
Addresses-Coverity: 744857 ("Division or modulo by zero")
Addresses-Coverity: 1487371 ("Division or modulo by zero")
Link: https://lore.kernel.org/r/20220824193813.13129-1-khalid.masum.92@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/host/ehci-q.c b/drivers/usb/host/ehci-q.c
index 807e649..666f5c4 100644 (file)
--- a/drivers/usb/host/ehci-q.c
+++ b/drivers/usb/host/ehci-q.c
@@ -645,7 +645,7 @@ qh_urb_transaction (
                token |= (1 /* "in" */ << 8);
        /* else it's already initted to "out" pid (0 << 8) */
 
-       maxpacket = usb_maxpacket(urb->dev, urb->pipe);
+       maxpacket = usb_endpoint_maxp(&urb->ep->desc);
 
        /*
         * buffer gets wrapped in one or more qtds;
@@ -1218,7 +1218,7 @@ static int ehci_submit_single_step_set_feature(
 
        token |= (1 /* "in" */ << 8);  /*This is IN stage*/
 
-       maxpacket = usb_maxpacket(urb->dev, urb->pipe);
+       maxpacket = usb_endpoint_maxp(&urb->ep->desc);
 
        qtd_fill(ehci, qtd, buf, len, token, maxpacket);