2012-12-20 14:24:45

by Jussi Kivilinna

Subject: [PATCH] rtlwifi: fix incorrect use of usb_alloc_coherent with usb_control_msg

Incorrect use of usb_alloc_coherent memory as input buffer to usb_control_msg
can cause problems in arch DMA code, for example kernel BUG at
'arch/arm/include/asm/dma-mapping.h:321' on ARM (linux-3.4).

Change _usb_writeN_sync to use a kmalloc'd buffer instead.

Cc: [email protected]
Signed-off-by: Jussi Kivilinna <[email protected]>
---
drivers/net/wireless/rtlwifi/usb.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c
index 29f0969..a3312b7 100644
--- a/drivers/net/wireless/rtlwifi/usb.c
+++ b/drivers/net/wireless/rtlwifi/usb.c
@@ -210,17 +210,16 @@ static void _usb_writeN_sync(struct rtl_priv *rtlpriv, u32 addr, void *data,
u16 index = REALTEK_USB_VENQT_CMD_IDX;
int pipe = usb_sndctrlpipe(udev, 0); /* write_out */
u8 *buffer;
- dma_addr_t dma_addr;

- wvalue = (u16)(addr&0x0000ffff);
- buffer = usb_alloc_coherent(udev, (size_t)len, GFP_ATOMIC, &dma_addr);
+ wvalue = (u16)(addr & 0x0000ffff);
+ buffer = kmalloc(len, GFP_ATOMIC);
if (!buffer)
return;
memcpy(buffer, data, len);
usb_control_msg(udev, pipe, request, reqtype, wvalue,
index, buffer, len, 50);

- usb_free_coherent(udev, (size_t)len, buffer, dma_addr);
+ kfree(buffer);
}

static void _rtl_usb_io_handler_init(struct device *dev,
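
Review bot: GFP_ATOMIC on the new `buffer = kmalloc(len, GFP_ATOMIC);` line looks unnecessary, because the usb_control_msg() call that follows is synchronous and may sleep, so this path cannot be running in atomic context. GFP_KERNEL would make the allocation less likely to fail, which matters here since the `if (!buffer) return;` path drops the register write without telling the caller. The kmalloc() plus memcpy() pair could also be collapsed into a single kmemdup(data, len, GFP_KERNEL).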



2012-12-20 18:08:18

by Larry Finger

Subject: Re: [PATCH] rtlwifi: fix incorrect use of usb_alloc_coherent with usb_control_msg

On 12/20/2012 08:24 AM, Jussi Kivilinna wrote:
> Incorrect use of usb_alloc_coherent memory as input buffer to usb_control_msg
> can cause problems in arch DMA code, for example kernel BUG at
> 'arch/arm/include/asm/dma-mapping.h:321' on ARM (linux-3.4).
>
> Change _usb_writeN_sync to use a kmalloc'd buffer instead.
>
> Cc: [email protected]
> Signed-off-by: Jussi Kivilinna <[email protected]>
> ---
> drivers/net/wireless/rtlwifi/usb.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)

Acked-by: Larry Finger <[email protected]>

Thanks. My only test platforms are X86 and PPC-32. Neither showed this problem.

Larry
>
> diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c
> index 29f0969..a3312b7 100644
> --- a/drivers/net/wireless/rtlwifi/usb.c
> +++ b/drivers/net/wireless/rtlwifi/usb.c
> @@ -210,17 +210,16 @@ static void _usb_writeN_sync(struct rtl_priv *rtlpriv, u32 addr, void *data,
> u16 index = REALTEK_USB_VENQT_CMD_IDX;
> int pipe = usb_sndctrlpipe(udev, 0); /* write_out */
> u8 *buffer;
> - dma_addr_t dma_addr;
>
> - wvalue = (u16)(addr&0x0000ffff);
> - buffer = usb_alloc_coherent(udev, (size_t)len, GFP_ATOMIC, &dma_addr);
> + wvalue = (u16)(addr & 0x0000ffff);
> + buffer = kmalloc(len, GFP_ATOMIC);
> if (!buffer)
> return;
> memcpy(buffer, data, len);
> usb_control_msg(udev, pipe, request, reqtype, wvalue,
> index, buffer, len, 50);
>
> - usb_free_coherent(udev, (size_t)len, buffer, dma_addr);
> + kfree(buffer);
> }
>
> static void _rtl_usb_io_handler_init(struct device *dev,
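
Review bot: the result of the unchanged `usb_control_msg(udev, pipe, request, reqtype, wvalue, index, buffer, len, 50);` call is still discarded, and since _usb_writeN_sync returns void a failed or timed-out write goes unnoticed; consider at least logging a negative return value while this function is being touched. The whitespace-only change to the `wvalue` line is unrelated to the DMA fix and could be dropped to keep the patch minimal. The commit message would also benefit from one sentence saying why a coherent allocation is the wrong buffer type for usb_control_msg(), rather than only naming the BUG it triggers.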