We need to check "count" so we don't overflow the ei->data buffer.
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Return error if we receive write(), while PD is not connected.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Incorrect error number was returned here (EPERM), ENXIO is more
appropriate.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Buffer depth of 50 units is not sufficient when there is considerable delay
occuring on air due to interference, increase ISOC IN buffer depth to 100 units.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reset PORT_ENABLE bit of port status on loosing PD.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make sure that we return negative value if oz_build_frame()
returns NULL.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We have icreased interrupt end point buffer size to 512 bytes,
Change variable data type to accomodate it.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Increase interrupt end point buffer size & convert hard coded
value to macro for better readability.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use macro instead of hard coded value for readability.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Check for valid config number before completing set interface.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
As we are initialising structure, we do not require
memset().
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently we call oz_pd_destroy() from softirq context, where we
try to destroy relevant data structures, as well we kill a tasklet
which always result in following kernel warning.
[12279.262194] Attempt to kill tasklet from interrupt
[12279.262202] Attempt to kill tasklet from interrupt
This patch defers deallocation of data structures to work queue.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Increment PD reference counter, on every timer event so that
we do not loose PD object by mistake.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Check if interface number is correct before creating an end point.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Do not allocate a port to new device or process URB when its status is
yet to be read. This avoids race condition when USB core read hub
status a bit late, while new device tries to acquire port.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We should not use extra variable just to copy pointer value,
renaming parameter name serves pupose & removes extra variable.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We are assigning value to hport before returning, there is
no need to initialize it.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch separates success & failure block along with fixing
following issues:-
1. The way oz_hcd_pd_arrived() looks now it's easy to think we free "ep" but
actually we do this spaghetti thing of setting it to NULL on success.
2. It is hard to read it because there are unlocks scattered throughout.
3. Currently we set "ep" to NULL on the success path and then test it and or
free it. In current code you have to scroll to the start of the function
to read code.
Original patch was submitted by Dan here :-
http://driverdev.linuxdriverproject.org/pipermail/driverdev-devel/2013-August/040113.html
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Swap arguments of oz_ep_alloc() to match kmalloc() for better readability.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove variable initialization wherever it is not required.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We are already checking "ep" earlier in function. Do not
need to check again.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Put spaces around math operations.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch adds a blank line between global declarations &
functions for readability.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch adds blank line between declaration &
code for readability.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix a bug where we were not returning correct hub status
for 8th port.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make sure that we reset port configuration no. when PD departs.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fix following issues reported by Dan:-
1) There is no check limiting the size to 32 and it could be up to
253 bytes.
2) Use defines instead of magic numbers.
3) The oz_farewell struct is supposed to be a variable length struct
but the variable part is put in the middle. It doesn't make any
sense to put the length of the variable size array after then end
of the array because we can never find it again! Put the
variable size array at the end. Make it a zero length array.
u8 len;
u8 report[0];
4) In oz_add_farewell() we do this:
f = kmalloc(sizeof(struct oz_farewell) + len - 1, GFP_ATOMIC);
The "- 1" refers to sizeof(f->report) but because it was a magic
number then it was missed when the sizeof(f->report) changed.
5) In [patch 6/6] we set the ->len member. But because it is at the
end of a variable length array with no limit check the remote
attacker can just rewrite it using the memcpy() on the next line.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fixes following build warning.
drivers/built-in.o: In function `oz_hcd_heartbeat':
>> (.text+0x30aadd): undefined reference to `__divdi3'
drivers/built-in.o: In function `oz_hcd_heartbeat':
>> (.text+0x30ac85): undefined reference to `__divdi3'
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes a bug where we were not setting length field causing wrong
report size to be copied.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Farewell report size can be bigger than one byte, increase array
size to accomodate maximum 32 bytes of farewell report.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In case of ISOC transfer, if TX queue is full then we start
dropping latest frame, instead we should drop oldest frame &
add latest frame to TX queue.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use kernel's strncmp() function instead of defining same within driver.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make sure that we mark const string so that it does not get modified.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Managing interface list, is easier if we use kernel list_* API
than managing it on our own.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Current implementation assumes HZ = 1000 for calculating
all internal timer intervals, which creates problem on
platforms where HZ != 1000.
As well we need resolution of less than 10 mSec for heartbeat
calculation, this creates problem on some platforms where HZ is
configured as HZ = 100, or around, which restricts us to timer interval
of 10 mSec. This is particularly found on embedded devices.
This patch moves on to use high resolution timers to calculate
all timer intervals as it allows us to have very small resolution
of timer interval, removing dependency on HZ.
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Introduce new debug macros: oz_dbg, oz_cdev_dbg, oz_pd_dbg
and then replace old oz_trace & oz_trace2 with new macro.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove unnecessary debug logs. Most of these logs
print function name at the start of function, which
are not really required.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Rupesh Gujare <rupesh.gujare@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>