| Message ID | 20200902110115.1994491-8-gregkh@linuxfoundation.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | None | expand |
On Wed, 02 Sep 2020 13:01:09 +0200, Greg Kroah-Hartman wrote: > > The usb_control_msg_send() and usb_control_msg_recv() calls can return > an error if a "short" write/read happens, so move the driver over to > using those calls instead, saving some logic in the wrapper functions > that were being used in this driver. > > This also resolves a long-staging bug where data on the stack was being > sent in a USB control message, which was not allowed. > > Cc: Jaroslav Kysela <perex@perex.cz> > Cc: Takashi Iwai <tiwai@suse.com> > Cc: alsa-devel@alsa-project.org > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Takashi Iwai <tiwai@suse.de> thanks, Takashi > --- > sound/usb/6fire/firmware.c | 38 +++++++++++++------------------------- > 1 file changed, 13 insertions(+), 25 deletions(-) > > diff --git a/sound/usb/6fire/firmware.c b/sound/usb/6fire/firmware.c > index 69137c14d0dc..5b8994070c96 100644 > --- a/sound/usb/6fire/firmware.c > +++ b/sound/usb/6fire/firmware.c > @@ -158,29 +158,17 @@ static int usb6fire_fw_ihex_init(const struct firmware *fw, > static int usb6fire_fw_ezusb_write(struct usb_device *device, > int type, int value, char *data, int len) > { > - int ret; > - > - ret = usb_control_msg(device, usb_sndctrlpipe(device, 0), type, > - USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, > - value, 0, data, len, HZ); > - if (ret < 0) > - return ret; > - else if (ret != len) > - return -EIO; > - return 0; > + return usb_control_msg_send(device, 0, type, > + USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, > + value, 0, data, len, HZ); > } > > static int usb6fire_fw_ezusb_read(struct usb_device *device, > int type, int value, char *data, int len) > { > - int ret = usb_control_msg(device, usb_rcvctrlpipe(device, 0), type, > - USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, value, > - 0, data, len, HZ); > - if (ret < 0) > - return ret; > - else if (ret != len) > - return -EIO; > - return 0; > + return usb_control_msg_recv(device, 0, type, > + USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, > + value, 0, data, len, HZ); > } > > static int usb6fire_fw_fpga_write(struct usb_device *device, > @@ -230,7 +218,7 @@ static int usb6fire_fw_ezusb_upload( > /* upload firmware image */ > data = 0x01; /* stop ezusb cpu */ > ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1); > - if (ret < 0) { > + if (ret) { > kfree(rec); > release_firmware(fw); > dev_err(&intf->dev, > @@ -242,7 +230,7 @@ static int usb6fire_fw_ezusb_upload( > while (usb6fire_fw_ihex_next_record(rec)) { /* write firmware */ > ret = usb6fire_fw_ezusb_write(device, 0xa0, rec->address, > rec->data, rec->len); > - if (ret < 0) { > + if (ret) { > kfree(rec); > release_firmware(fw); > dev_err(&intf->dev, > @@ -257,7 +245,7 @@ static int usb6fire_fw_ezusb_upload( > if (postdata) { /* write data after firmware has been uploaded */ > ret = usb6fire_fw_ezusb_write(device, 0xa0, postaddr, > postdata, postlen); > - if (ret < 0) { > + if (ret) { > dev_err(&intf->dev, > "unable to upload ezusb firmware %s: post urb.\n", > fwname); > @@ -267,7 +255,7 @@ static int usb6fire_fw_ezusb_upload( > > data = 0x00; /* resume ezusb cpu */ > ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1); > - if (ret < 0) { > + if (ret) { > dev_err(&intf->dev, > "unable to upload ezusb firmware %s: end message.\n", > fwname); > @@ -302,7 +290,7 @@ static int usb6fire_fw_fpga_upload( > end = fw->data + fw->size; > > ret = usb6fire_fw_ezusb_write(device, 8, 0, NULL, 0); > - if (ret < 0) { > + if (ret) { > kfree(buffer); > release_firmware(fw); > dev_err(&intf->dev, > @@ -327,7 +315,7 @@ static int usb6fire_fw_fpga_upload( > kfree(buffer); > > ret = usb6fire_fw_ezusb_write(device, 9, 0, NULL, 0); > - if (ret < 0) { > + if (ret) { > dev_err(&intf->dev, > "unable to upload fpga firmware: end urb.\n"); > return ret; > @@ -363,7 +351,7 @@ int usb6fire_fw_init(struct usb_interface *intf) > u8 buffer[12]; > > ret = usb6fire_fw_ezusb_read(device, 1, 0, buffer, 8); > - if (ret < 0) { > + if (ret) { > dev_err(&intf->dev, > "unable to receive device firmware state.\n"); > return ret; > -- > 2.28.0 >
diff --git a/sound/usb/6fire/firmware.c b/sound/usb/6fire/firmware.c index 69137c14d0dc..5b8994070c96 100644 --- a/sound/usb/6fire/firmware.c +++ b/sound/usb/6fire/firmware.c @@ -158,29 +158,17 @@ static int usb6fire_fw_ihex_init(const struct firmware *fw, static int usb6fire_fw_ezusb_write(struct usb_device *device, int type, int value, char *data, int len) { - int ret; - - ret = usb_control_msg(device, usb_sndctrlpipe(device, 0), type, - USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, - value, 0, data, len, HZ); - if (ret < 0) - return ret; - else if (ret != len) - return -EIO; - return 0; + return usb_control_msg_send(device, 0, type, + USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, + value, 0, data, len, HZ); } static int usb6fire_fw_ezusb_read(struct usb_device *device, int type, int value, char *data, int len) { - int ret = usb_control_msg(device, usb_rcvctrlpipe(device, 0), type, - USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, value, - 0, data, len, HZ); - if (ret < 0) - return ret; - else if (ret != len) - return -EIO; - return 0; + return usb_control_msg_recv(device, 0, type, + USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, + value, 0, data, len, HZ); } static int usb6fire_fw_fpga_write(struct usb_device *device, @@ -230,7 +218,7 @@ static int usb6fire_fw_ezusb_upload( /* upload firmware image */ data = 0x01; /* stop ezusb cpu */ ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1); - if (ret < 0) { + if (ret) { kfree(rec); release_firmware(fw); dev_err(&intf->dev, @@ -242,7 +230,7 @@ static int usb6fire_fw_ezusb_upload( while (usb6fire_fw_ihex_next_record(rec)) { /* write firmware */ ret = usb6fire_fw_ezusb_write(device, 0xa0, rec->address, rec->data, rec->len); - if (ret < 0) { + if (ret) { kfree(rec); release_firmware(fw); dev_err(&intf->dev, @@ -257,7 +245,7 @@ static int usb6fire_fw_ezusb_upload( if (postdata) { /* write data after firmware has been uploaded */ ret = usb6fire_fw_ezusb_write(device, 0xa0, postaddr, postdata, postlen); - if (ret < 0) { + if (ret) { dev_err(&intf->dev, "unable to upload ezusb firmware %s: post urb.\n", fwname); @@ -267,7 +255,7 @@ static int usb6fire_fw_ezusb_upload( data = 0x00; /* resume ezusb cpu */ ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1); - if (ret < 0) { + if (ret) { dev_err(&intf->dev, "unable to upload ezusb firmware %s: end message.\n", fwname); @@ -302,7 +290,7 @@ static int usb6fire_fw_fpga_upload( end = fw->data + fw->size; ret = usb6fire_fw_ezusb_write(device, 8, 0, NULL, 0); - if (ret < 0) { + if (ret) { kfree(buffer); release_firmware(fw); dev_err(&intf->dev, @@ -327,7 +315,7 @@ static int usb6fire_fw_fpga_upload( kfree(buffer); ret = usb6fire_fw_ezusb_write(device, 9, 0, NULL, 0); - if (ret < 0) { + if (ret) { dev_err(&intf->dev, "unable to upload fpga firmware: end urb.\n"); return ret; @@ -363,7 +351,7 @@ int usb6fire_fw_init(struct usb_interface *intf) u8 buffer[12]; ret = usb6fire_fw_ezusb_read(device, 1, 0, buffer, 8); - if (ret < 0) { + if (ret) { dev_err(&intf->dev, "unable to receive device firmware state.\n"); return ret;
The usb_control_msg_send() and usb_control_msg_recv() calls can return an error if a "short" write/read happens, so move the driver over to using those calls instead, saving some logic in the wrapper functions that were being used in this driver. This also resolves a long-staging bug where data on the stack was being sent in a USB control message, which was not allowed. Cc: Jaroslav Kysela <perex@perex.cz> Cc: Takashi Iwai <tiwai@suse.com> Cc: alsa-devel@alsa-project.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> --- sound/usb/6fire/firmware.c | 38 +++++++++++++------------------------- 1 file changed, 13 insertions(+), 25 deletions(-)