Re: [PATCH 6/9] musb_host: fix premature PIO transfer end (take 2)

Wed, 11 Feb 2009 19:10:47 -0800 

On Wednesday 04 February 2009, Sergei Shtylyov wrote:
> Feeding 32-bit length cast down to 'u16' to min() to calculate the FIFO count
> in musb_host_tx() risks sending a short packet prematurely for transfer sizes
> over 64 KB. And although data transfer size shouldn't exceed 65535 bytes for
> the control endpoint, making musb_h_ep0_continue() more robust WRT URBs with
> possibly oversized buffer will not hurt either...
> 
> Signed-off-by: Sergei Shtylyov <sshtyl...@ru.mvista.com>

Acked-by: David Brownell <dbrown...@users.sourceforge.net>

OK for 2.6.29-rc ... maybe a bit marginal, unless someone
has specifically observed this.  But I hope the merge criteria
aren't that tight yet; this would prevent various intermittent
and poorly-reproducible flakiness.

 
> 
> ---
> Only whitespace changes. The patch is against the recent Linus' kernel...
> 
>  drivers/usb/musb/musb_host.c |   14 +++++++-------
>  1 files changed, 7 insertions(+), 7 deletions(-)
> 
> Index: linux-2.6/drivers/usb/musb/musb_host.c
> ===================================================================
> --- linux-2.6.orig/drivers/usb/musb/musb_host.c
> +++ linux-2.6/drivers/usb/musb/musb_host.c
> @@ -936,8 +936,8 @@ static bool musb_h_ep0_continue(struct m
>       switch (musb->ep0_stage) {
>       case MUSB_EP0_IN:
>               fifo_dest = urb->transfer_buffer + urb->actual_length;
> -             fifo_count = min(len, ((u16) (urb->transfer_buffer_length
> -                                     - urb->actual_length)));
> +             fifo_count = min_t(size_t, len, urb->transfer_buffer_length -
> +                                urb->actual_length);
>               if (fifo_count < len)
>                       urb->status = -EOVERFLOW;
>  
> @@ -970,10 +970,9 @@ static bool musb_h_ep0_continue(struct m
>               }
>               /* FALLTHROUGH */
>       case MUSB_EP0_OUT:
> -             fifo_count = min(qh->maxpacket, ((u16)
> -                             (urb->transfer_buffer_length
> -                             - urb->actual_length)));
> -
> +             fifo_count = min_t(size_t, qh->maxpacket,
> +                                urb->transfer_buffer_length -
> +                                urb->actual_length);
>               if (fifo_count) {
>                       fifo_dest = (u8 *) (urb->transfer_buffer
>                                       + urb->actual_length);
> @@ -1303,7 +1302,8 @@ void musb_host_tx(struct musb *musb, u8 
>                * packets before updating TXCSR ... other docs disagree ...
>                */
>               /* PIO:  start next packet in this URB */
> -             wLength = min(qh->maxpacket, (u16) wLength);
> +             if (wLength > qh->maxpacket)
> +                     wLength = qh->maxpacket;
>               musb_write_fifo(hw_ep, wLength, buf);
>               qh->segsize = wLength;
>  
> 
> 



_______________________________________________
Davinci-linux-open-source mailing list
Davinci-linux-open-source@linux.davincidsp.com
http://linux.davincidsp.com/mailman/listinfo/davinci-linux-open-source

Reply via email to