From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Michele Baldessari <michele@acksyn.org>,
Mauro Carvalho Chehab <mchehab@s-opensource.com>
Subject: [PATCH 3.18 43/67] media: Dont do DMA on stack for firmware upload in the AS102 driver
Date: Tue, 28 Nov 2017 11:19:42 +0100 [thread overview]
Message-ID: <20171128100425.664069690@linuxfoundation.org> (raw)
In-Reply-To: <20171128100420.274075224@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michele Baldessari <michele@acksyn.org>
commit b3120d2cc447ee77b9d69bf4ad7b452c9adb4d39 upstream.
Firmware load on AS102 is using the stack which is not allowed any
longer. We currently fail with:
kernel: transfer buffer not dma capable
kernel: ------------[ cut here ]------------
kernel: WARNING: CPU: 0 PID: 598 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x41d/0x620
kernel: Modules linked in: amd64_edac_mod(-) edac_mce_amd as102_fe dvb_as102(+) kvm_amd kvm snd_hda_codec_realtek dvb_core snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel snd_hda_codec irqbypass crct10dif_pclmul crc32_pclmul snd_hda_core snd_hwdep snd_seq ghash_clmulni_intel sp5100_tco fam15h_power wmi k10temp i2c_piix4 snd_seq_device snd_pcm snd_timer parport_pc parport tpm_infineon snd tpm_tis soundcore tpm_tis_core tpm shpchp acpi_cpufreq xfs libcrc32c amdgpu amdkfd amd_iommu_v2 radeon hid_logitech_hidpp i2c_algo_bit drm_kms_helper crc32c_intel ttm drm r8169 mii hid_logitech_dj
kernel: CPU: 0 PID: 598 Comm: systemd-udevd Not tainted 4.13.10-200.fc26.x86_64 #1
kernel: Hardware name: ASUS All Series/AM1I-A, BIOS 0505 03/13/2014
kernel: task: ffff979933b24c80 task.stack: ffffaf83413a4000
kernel: RIP: 0010:usb_hcd_map_urb_for_dma+0x41d/0x620
systemd-fsck[659]: /dev/sda2: clean, 49/128016 files, 268609/512000 blocks
kernel: RSP: 0018:ffffaf83413a7728 EFLAGS: 00010282
systemd-udevd[604]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
kernel: RAX: 000000000000001f RBX: ffff979930bce780 RCX: 0000000000000000
kernel: RDX: 0000000000000000 RSI: ffff97993ec0e118 RDI: ffff97993ec0e118
kernel: RBP: ffffaf83413a7768 R08: 000000000000039a R09: 0000000000000000
kernel: R10: 0000000000000001 R11: 00000000ffffffff R12: 00000000fffffff5
kernel: R13: 0000000001400000 R14: 0000000000000001 R15: ffff979930806800
kernel: FS: 00007effaca5c8c0(0000) GS:ffff97993ec00000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 00007effa9fca962 CR3: 0000000233089000 CR4: 00000000000406f0
kernel: Call Trace:
kernel: usb_hcd_submit_urb+0x493/0xb40
kernel: ? page_cache_tree_insert+0x100/0x100
kernel: ? xfs_iunlock+0xd5/0x100 [xfs]
kernel: ? xfs_file_buffered_aio_read+0x57/0xc0 [xfs]
kernel: usb_submit_urb+0x22d/0x560
kernel: usb_start_wait_urb+0x6e/0x180
kernel: usb_bulk_msg+0xb8/0x160
kernel: as102_send_ep1+0x49/0xe0 [dvb_as102]
kernel: ? devres_add+0x3f/0x50
kernel: as102_firmware_upload.isra.0+0x1dc/0x210 [dvb_as102]
kernel: as102_fw_upload+0xb6/0x1f0 [dvb_as102]
kernel: as102_dvb_register+0x2af/0x2d0 [dvb_as102]
kernel: as102_usb_probe+0x1f3/0x260 [dvb_as102]
kernel: usb_probe_interface+0x124/0x300
kernel: driver_probe_device+0x2ff/0x450
kernel: __driver_attach+0xa4/0xe0
kernel: ? driver_probe_device+0x450/0x450
kernel: bus_for_each_dev+0x6e/0xb0
kernel: driver_attach+0x1e/0x20
kernel: bus_add_driver+0x1c7/0x270
kernel: driver_register+0x60/0xe0
kernel: usb_register_driver+0x81/0x150
kernel: ? 0xffffffffc0807000
kernel: as102_usb_driver_init+0x1e/0x1000 [dvb_as102]
kernel: do_one_initcall+0x50/0x190
kernel: ? __vunmap+0x81/0xb0
kernel: ? kfree+0x154/0x170
kernel: ? kmem_cache_alloc_trace+0x15f/0x1c0
kernel: ? do_init_module+0x27/0x1e9
kernel: do_init_module+0x5f/0x1e9
kernel: load_module+0x2602/0x2c30
kernel: SYSC_init_module+0x170/0x1a0
kernel: ? SYSC_init_module+0x170/0x1a0
kernel: SyS_init_module+0xe/0x10
kernel: do_syscall_64+0x67/0x140
kernel: entry_SYSCALL64_slow_path+0x25/0x25
kernel: RIP: 0033:0x7effab6cf3ea
kernel: RSP: 002b:00007fff5cfcbbc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
kernel: RAX: ffffffffffffffda RBX: 00005569e0b83760 RCX: 00007effab6cf3ea
kernel: RDX: 00007effac2099c5 RSI: 0000000000009a13 RDI: 00005569e0b98c50
kernel: RBP: 00007effac2099c5 R08: 00005569e0b83ed0 R09: 0000000000001d80
kernel: R10: 00007effab98db00 R11: 0000000000000246 R12: 00005569e0b98c50
kernel: R13: 00005569e0b81c60 R14: 0000000000020000 R15: 00005569dfadfdf7
kernel: Code: 48 39 c8 73 30 80 3d 59 60 9d 00 00 41 bc f5 ff ff ff 0f 85 26 ff ff ff 48 c7 c7 b8 6b d0 92 c6 05 3f 60 9d 00 01 e8 24 3d ad ff <0f> ff 8b 53 64 e9 09 ff ff ff 65 48 8b 0c 25 00 d3 00 00 48 8b
kernel: ---[ end trace c4cae366180e70ec ]---
kernel: as10x_usb: error during firmware upload part1
Let's allocate the the structure dynamically so we can get the firmware
loaded correctly:
[ 14.243057] as10x_usb: firmware: as102_data1_st.hex loaded with success
[ 14.500777] as10x_usb: firmware: as102_data2_st.hex loaded with success
Signed-off-by: Michele Baldessari <michele@acksyn.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/as102/as102_fw.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
--- a/drivers/media/usb/as102/as102_fw.c
+++ b/drivers/media/usb/as102/as102_fw.c
@@ -101,18 +101,23 @@ static int as102_firmware_upload(struct
unsigned char *cmd,
const struct firmware *firmware) {
- struct as10x_fw_pkt_t fw_pkt;
+ struct as10x_fw_pkt_t *fw_pkt;
int total_read_bytes = 0, errno = 0;
unsigned char addr_has_changed = 0;
+ fw_pkt = kmalloc(sizeof(*fw_pkt), GFP_KERNEL);
+ if (!fw_pkt)
+ return -ENOMEM;
+
+
for (total_read_bytes = 0; total_read_bytes < firmware->size; ) {
int read_bytes = 0, data_len = 0;
/* parse intel hex line */
read_bytes = parse_hex_line(
(u8 *) (firmware->data + total_read_bytes),
- fw_pkt.raw.address,
- fw_pkt.raw.data,
+ fw_pkt->raw.address,
+ fw_pkt->raw.data,
&data_len,
&addr_has_changed);
@@ -122,28 +127,28 @@ static int as102_firmware_upload(struct
/* detect the end of file */
total_read_bytes += read_bytes;
if (total_read_bytes == firmware->size) {
- fw_pkt.u.request[0] = 0x00;
- fw_pkt.u.request[1] = 0x03;
+ fw_pkt->u.request[0] = 0x00;
+ fw_pkt->u.request[1] = 0x03;
/* send EOF command */
errno = bus_adap->ops->upload_fw_pkt(bus_adap,
(uint8_t *)
- &fw_pkt, 2, 0);
+ fw_pkt, 2, 0);
if (errno < 0)
goto error;
} else {
if (!addr_has_changed) {
/* prepare command to send */
- fw_pkt.u.request[0] = 0x00;
- fw_pkt.u.request[1] = 0x01;
+ fw_pkt->u.request[0] = 0x00;
+ fw_pkt->u.request[1] = 0x01;
- data_len += sizeof(fw_pkt.u.request);
- data_len += sizeof(fw_pkt.raw.address);
+ data_len += sizeof(fw_pkt->u.request);
+ data_len += sizeof(fw_pkt->raw.address);
/* send cmd to device */
errno = bus_adap->ops->upload_fw_pkt(bus_adap,
(uint8_t *)
- &fw_pkt,
+ fw_pkt,
data_len,
0);
if (errno < 0)
@@ -152,6 +157,7 @@ static int as102_firmware_upload(struct
}
}
error:
+ kfree(fw_pkt);
return (errno == 0) ? total_read_bytes : errno;
}
next prev parent reply other threads:[~2017-11-28 10:22 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-28 10:18 [PATCH 3.18 00/67] 3.18.85-stable review Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 01/67] s390/disassembler: increase show_code buffer size Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 02/67] ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 03/67] sched: Make resched_cpu() unconditional Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 04/67] lib/mpi: call cond_resched() from mpi_powm() loop Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 05/67] x86/decoder: Add new TEST instruction pattern Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 06/67] ARM: 8721/1: mm: dump: check hardware RO bit for LPAE Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 07/67] ALSA: hda: Add Raven PCI ID Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 08/67] dm bufio: fix integer overflow when limiting maximum cache size Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 09/67] dm: fix race between dm_get_from_kobject() and __dm_destroy() Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 10/67] MIPS: Fix an n32 core file generation regset support regression Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 11/67] MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 12/67] autofs: dont fail mount for transient error Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 13/67] nilfs2: fix race condition that causes file system corruption Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 14/67] eCryptfs: use after free in ecryptfs_release_messaging() Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 15/67] bcache: check ca->alloc_thread initialized before wake up it Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 16/67] isofs: fix timestamps beyond 2027 Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 17/67] NFS: Fix typo in nomigration mount option Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 18/67] nfs: Fix ugly referral attributes Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 19/67] nfsd: deal with revoked delegations appropriately Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 20/67] ext4: fix interaction between i_size, fallocate, and delalloc after a crash Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 21/67] ALSA: usb-audio: Add sanity checks to FE parser Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 22/67] ALSA: usb-audio: Fix potential out-of-bound access at parsing SU Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 23/67] ALSA: usb-audio: Add sanity checks in v2 clock parsers Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 24/67] ALSA: timer: Remove kernel warning at compat ioctl error paths Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 25/67] fs/9p: Compare qid.path in v9fs_test_inode Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 26/67] iscsi-target: Fix non-immediate TMR reference leak Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 27/67] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 29/67] clk: ti: dra7-atl-clock: Fix of_node reference counting Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 30/67] clk: ti: dra7-atl-clock: fix child-node lookups Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 31/67] IB/srpt: Do not accept invalid initiator port names Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 32/67] NFC: fix device-allocation error return Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 33/67] time: Always make sure wall_to_monotonic isnt positive Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 34/67] i40e: Use smp_rmb rather than read_barrier_depends Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 35/67] igb: " Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 36/67] igbvf: " Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 37/67] ixgbevf: " Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 38/67] i40evf: " Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 39/67] fm10k: " Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 40/67] ixgbe: Fix skb list corruption on Power systems Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 41/67] parisc: Fix validity check of pointer size argument in new CAS implementation Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 42/67] powerpc/signal: Properly handle return value from uprobe_deny_signal() Greg Kroah-Hartman
2017-11-28 10:19 ` Greg Kroah-Hartman [this message]
2017-11-28 10:19 ` [PATCH 3.18 44/67] media: rc: check for integer overflow Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 45/67] media: v4l2-ctrl: Fix flags field on Control events Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 46/67] net/9p: Switch to wait_event_killable() Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 47/67] mtd: nand: Fix writing mtdoops to nand flash Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 48/67] USB: fix buffer overflows with parsing CDC headers Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 49/67] iio: iio-trig-periodic-rtc: Free trigger resource correctly Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 50/67] e1000e: Fix error path in link detection Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 51/67] e1000e: Fix return value test Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 52/67] e1000e: Separate signaling for link check/link up Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 53/67] RDS: RDMA: return appropriate error on rdma map failures Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 54/67] PCI: Apply _HPX settings only to relevant devices Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 55/67] net: 3com: typhoon: typhoon_init_one: make return values more specific Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 56/67] net: 3com: typhoon: typhoon_init_one: fix incorrect return values Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 57/67] drm/armada: Fix compile fail Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 58/67] ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 59/67] mac80211: Remove invalid flag operations in mesh TSF synchronization Greg Kroah-Hartman
2017-11-28 10:19 ` [PATCH 3.18 60/67] mac80211: Suppress NEW_PEER_CANDIDATE event if no room Greg Kroah-Hartman
2017-11-28 10:20 ` [PATCH 3.18 61/67] staging: iio: cdc: fix improper return value Greg Kroah-Hartman
2017-11-28 10:20 ` [PATCH 3.18 62/67] netfilter: nft_queue: use raw_smp_processor_id() Greg Kroah-Hartman
2017-11-28 10:20 ` [PATCH 3.18 63/67] netfilter: nf_tables: fix oob access Greg Kroah-Hartman
2017-11-28 10:20 ` [PATCH 3.18 64/67] btrfs: return the actual error value from from btrfs_uuid_tree_iterate Greg Kroah-Hartman
2017-11-28 10:20 ` [PATCH 3.18 65/67] ASoC: wm_adsp: Dont overrun firmware file buffer when reading region data Greg Kroah-Hartman
2017-11-28 10:20 ` [PATCH 3.18 66/67] s390/kbuild: enable modversions for symbols exported from asm Greg Kroah-Hartman
2017-11-28 10:20 ` [PATCH 3.18 67/67] xen: xenbus driver must not accept invalid transaction ids Greg Kroah-Hartman
2017-11-28 19:37 ` [PATCH 3.18 00/67] 3.18.85-stable review Shuah Khan
2017-11-29 6:33 ` Greg Kroah-Hartman
2017-11-28 21:50 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171128100425.664069690@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mchehab@s-opensource.com \
--cc=michele@acksyn.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.