From nobody Fri Oct  3 05:29:23 2025
Received: from out-183.mta1.migadu.com (out-183.mta1.migadu.com
 [95.215.58.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D87B242D79
	for <linux-kernel@vger.kernel.org>; Thu,  4 Sep 2025 20:08:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=95.215.58.183
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1757016490; cv=none;
 b=ELyJ6M5+voAsHzvaw6bnSaeqajRy+ggqydZA6i/QKeXeDDQgk6LM9XjwzpDNVFjppBSNugheBpF06TQ1oLAzgFW0kMsHGXBdfElOmGYUx/f7LUkCh/XHPXgFzOqy7enzNnmikfALaWID0BqwE7NL+hwACpO1uB0TsIBB2U787g4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1757016490; c=relaxed/simple;
	bh=L6pJCJRQlpGz4vRVZTttL4VLEPacbukwogeVseG1pvo=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=lKzcENwqut/dhxPWS+FKGiF2fhF+dx6Raob7zjTivDqEbLFu+DfLlq9hCWYml+iUoy9G1EZvOklPd9rwgtlb6hV2cv0D7I7BN3xKd7B1UghrWFmKsX5RPIIC7NiGiq/iiXKWhyd6cN/IY7Wk1IIie3mDy5w767614PjvNmViMrg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.dev;
 spf=pass smtp.mailfrom=linux.dev;
 dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev
 header.b=elKOBVFS; arc=none smtp.client-ip=95.215.58.183
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.dev
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linux.dev
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev
 header.b="elKOBVFS"
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and
 include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
	t=1757016486;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5OCK17bkD8uC3U/dYZyCUkvEyfsk5UZB3M9kPb7WAEA=;
	b=elKOBVFStYy1lM/dCkjDmgRTR9IvaUh8hOHiq4dbPPmilCcV6xl2HOfp3SEhP9YTcfkaP0
	E5lXP4mvCsayh7WcCXt3KUza22cpFBt9HRoCewrRqGg8eJnTKfakNFkEAsEhen0N8FxLM9
	erACdpIlZMsdF5yvuQCAVdell8sxkWk=
From: andrey.konovalov@linux.dev
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Alan Stern <stern@rowland.harvard.edu>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
	linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Subject: [PATCH] usb: raw-gadget: do not limit transfer length
Date: Thu,  4 Sep 2025 22:07:54 +0200
Message-ID: 
 <a6024e8eab679043e9b8a5defdb41c4bda62f02b.1757016152.git.andreyknvl@gmail.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Migadu-Flow: FLOW_OUT
Content-Type: text/plain; charset="utf-8"

From: Andrey Konovalov <andreyknvl@gmail.com>

Drop the check on the maximum transfer length in Raw Gadget for both
control and non-control transfers.

Limiting the transfer length causes a problem with emulating USB devices
whose full configuration descriptor exceeds PAGE_SIZE in length.

Overall, there does not appear to be any reason to enforce any kind of
transfer length limit on the Raw Gadget side for either control or
non-control transfers, so let's just drop the related check.

Cc: stable@vger.kernel.org
Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface")
Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com>
---
 drivers/usb/gadget/legacy/raw_gadget.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/usb/gadget/legacy/raw_gadget.c b/drivers/usb/gadget/le=
gacy/raw_gadget.c
index 20165e1582d9..b71680c58de6 100644
--- a/drivers/usb/gadget/legacy/raw_gadget.c
+++ b/drivers/usb/gadget/legacy/raw_gadget.c
@@ -667,8 +667,6 @@ static void *raw_alloc_io_data(struct usb_raw_ep_io *io=
, void __user *ptr,
 		return ERR_PTR(-EINVAL);
 	if (!usb_raw_io_flags_valid(io->flags))
 		return ERR_PTR(-EINVAL);
-	if (io->length > PAGE_SIZE)
-		return ERR_PTR(-EINVAL);
 	if (get_from_user)
 		data =3D memdup_user(ptr + sizeof(*io), io->length);
 	else {
--=20
2.43.0