From: Pavel Machek <pavel@ucw.cz>
To: Oliver Neukum <oneukum@suse.de>
Cc: Jiri Kosina <jkosina@suse.cz>, Lauri Kasanen <cand@gmx.com>,
linux-input@vger.kernel.org, linux-kernel@vger.kernel.org,
ao2@ao2.it, AndrewD207@aol.com
Subject: Re: [PATCH] HID: sony: Enable Gasia third-party PS3 controllers
Date: Thu, 19 Mar 2015 10:38:34 +0100 [thread overview]
Message-ID: <20150319093834.GB18997@amd> (raw)
In-Reply-To: <1426756461.3815.3.camel@suse.de>
On Thu 2015-03-19 10:14:21, Oliver Neukum wrote:
> On Mon, 2015-03-16 at 22:37 +0100, Jiri Kosina wrote:
> > On Mon, 16 Mar 2015, Pavel Machek wrote:
> >
> > > > > Oliver Neukum <oneukum@suse.de> wrote:
> > > > >
> > > > > > > + ret = usb_interrupt_msg(dev, usb_sndintpipe(dev, 0x02),
> > > > > > > + buf2, sizeof(buf2),
> > > > > > > + &transfered, USB_CTRL_SET_TIMEOUT);
> > > > > >
> > > > > > You cannot do this. Even for a single byte DMA on the stack is
> > > > > > wrong. Not on all architectures it works at all and you violate
> > > > > > the DMA constrainsts. You must use kmalloc().
> > > > >
> > > > > Hi Oliver,
> > > > >
> > > > > Does this still apply when using hid_hw_output_report?
> > > >
> > > > Yes. For USB devices hid_hw_output_report() goes to
> > > > usbhid_output_report(). That goes to usb_interrupt_msg(),
> > > > which passes the buffer pointer. It will then be mapped
> > > > for DMA. You must not do that on the stack.
> > >
> > > Should we have some kind of runtime test for this ...? Because this is
> > > very very easy to get wrong... and I bet we do get it wrong at > 1
> > > place...
> >
> > Are you sure CONFIG_DMA_API_DEBUG wouldn't warn here?
>
> As far as I can tell, it will not warn. The problem is not in the
> mapping itself. That is usually legitimate. The problem arises
> because the buffer doesn't have a cacheline of its own. Thus the
> memory corruption happens after the IO operation has started.
Nasty. Would WARN_ON(buffer & CACHELINE_SIZE-1) do at least part of
the trick? Alternatively, could we call ksize() on the object, and
fail if it is not big enough?
Alternatively, we could create "allocate_for_usb" function, and only
take pointers allocated by that function in usb functions. That would
also teach people the problem exists...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2015-03-19 9:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-07 13:48 [PATCH] HID: sony: Enable Gasia third-party PS3 controllers Lauri Kasanen
2015-02-07 15:56 ` Benjamin Tissoires
2015-02-07 16:31 ` Antonio Ospite
2015-02-07 16:31 ` Antonio Ospite
2015-02-07 21:48 ` Lauri Kasanen
2015-03-19 10:26 ` David Herrmann
2015-02-09 10:08 ` Oliver Neukum
2015-02-09 18:44 ` Lauri Kasanen
2015-02-10 8:14 ` Oliver Neukum
2015-03-16 21:10 ` Pavel Machek
2015-03-16 21:37 ` Jiri Kosina
2015-03-19 9:14 ` Oliver Neukum
2015-03-19 9:38 ` Pavel Machek [this message]
2015-03-19 9:54 ` Oliver Neukum
2015-03-19 10:12 ` Pavel Machek
2015-03-19 10:29 ` Oliver Neukum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150319093834.GB18997@amd \
--to=pavel@ucw.cz \
--cc=AndrewD207@aol.com \
--cc=ao2@ao2.it \
--cc=cand@gmx.com \
--cc=jkosina@suse.cz \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oneukum@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.