From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Subject: [v4] NFC: pn533: don't send USB data off of the stack From: Greg Kroah-Hartman Message-Id: <20180520131946.GA7325@kroah.com> Date: Sun, 20 May 2018 15:19:46 +0200 To: Arend van Spriel , Carlos Manuel Santos , Samuel Ortiz , Stephen Hemminger , linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org List-ID: SXQncyBhbWF6aW5nIHRoYXQgdGhpcyBkcml2ZXIgZXZlciB3b3JrZWQsIGJ1dCBub3cgdGhhdCB4 ODYgZG9lc24ndAphbGxvdyBVU0IgZGF0YSB0byBiZSBzZW50IG9mZiBvZiB0aGUgc3RhY2ssIGl0 IHJlYWxseSBkb2VzIG5vdCB3b3JrIGF0CmFsbC4gIEZpeCB0aGlzIHVwIGJ5IHByb3Blcmx5IGFs bG9jYXRpbmcgdGhlIGRhdGEgZm9yIHRoZSBzbWFsbAoiY29tbWFuZHMiIHRoYXQgZ2V0IHNlbnQg dG8gdGhlIGRldmljZSBvZmYgb2YgdGhlIHN0YWNrLgoKV2UgZG8gdGhpcyBmb3Igb25lIGNvbW1h bmQgYnkgaGF2aW5nIGEgd2hvbGUgdXJiIGp1c3QgZm9yIGFjayBtZXNzYWdlcywKYXMgdGhleSBj YW4gYmUgc3VibWl0dGVkIGluIGludGVycnVwdCBjb250ZXh0LCBzbyB3ZSBjYW4gbm90IHVzZQp1 c2JfYnVsa19tc2coKS4gIEJ1dCB0aGUgcG93ZXJvbiBjb21tYW5kIGNhbiBzbGVlcCAoYW5kIGRv ZXMpLCBzbyB1c2UKdXNiX2J1bGtfbXNnKCkgZm9yIHRoYXQgdHJhbnNmZXIuCgpSZXBvcnRlZC1i eTogQ2FybG9zIE1hbnVlbCBTYW50b3MgPGNtbXBzYW50b3NAZ21haWwuY29tPgpDYzogU2FtdWVs IE9ydGl6IDxzYW1lb0BsaW51eC5pbnRlbC5jb20+CkNjOiBTdGVwaGVuIEhlbW1pbmdlciA8c3Rl cGhlbkBuZXR3b3JrcGx1bWJlci5vcmc+CkNjOiBzdGFibGUgPHN0YWJsZUB2Z2VyLmtlcm5lbC5v cmc+ClNpZ25lZC1vZmYtYnk6IEdyZWcgS3JvYWgtSGFydG1hbiA8Z3JlZ2toQGxpbnV4Zm91bmRh dGlvbi5vcmc+Ci0tLQp2NDogZG9uJ3QgdXNlIHVyYiB0cmFuc2ZlciBidWZmZXIgZmxhZ3MgYXMg dGhlIG1lbW9yeSBpcyB0aWVkIHRvIHRoZSB1cmIKICAgICh0aGFua3MgdG8gSm9oYW4pICBOb3cg d2UgaGF2ZSBhIG5ldyBzdGF0aWMgdXJiLCBhbmQgd2UgdXNlCiAgICB1c2JfYnVsa19tc2coKSBm b3IgdGhlIG90aGVyIG1lc3NhZ2UuCnYzOiBhY3R1YWxseSB1c2UgdGhlIGNvcnJlY3QgYnVmZmVy ICh0aGFua3MgdG8gQXJlbmQgdmFuIFNwcmllbCkKICAgIHVzZSBrbWVtZHVwICh0aGFua3MgdG8g Sm9oYW5uZXMgQmVyZyBhbmQgSnVsaWEgTGF3YWxsKQp2Mjogc2V0IHRoZSB1cmIgZmxhZ3MgY29y cmVjdGx5CgogZHJpdmVycy9uZmMvcG41MzMvdXNiLmMgfCAgIDQyICsrKysrKysrKysrKysrKysr KysrKysrKysrKysrKy0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDMwIGluc2VydGlvbnMo KyksIDEyIGRlbGV0aW9ucygtKQoKCi0tClRvIHVuc3Vic2NyaWJlIGZyb20gdGhpcyBsaXN0OiBz ZW5kIHRoZSBsaW5lICJ1bnN1YnNjcmliZSBsaW51eC11c2IiIGluCnRoZSBib2R5IG9mIGEgbWVz c2FnZSB0byBtYWpvcmRvbW9Admdlci5rZXJuZWwub3JnCk1vcmUgbWFqb3Jkb21vIGluZm8gYXQg IGh0dHA6Ly92Z2VyLmtlcm5lbC5vcmcvbWFqb3Jkb21vLWluZm8uaHRtbAoKLS0tIGEvZHJpdmVy cy9uZmMvcG41MzMvdXNiLmMKKysrIGIvZHJpdmVycy9uZmMvcG41MzMvdXNiLmMKQEAgLTYyLDYg KzYyLDkgQEAgc3RydWN0IHBuNTMzX3VzYl9waHkgewogCXN0cnVjdCB1cmIgKm91dF91cmI7CiAJ c3RydWN0IHVyYiAqaW5fdXJiOwogCisJc3RydWN0IHVyYiAqYWNrX3VyYjsKKwl1OCAqYWNrX2J1 ZmZlcjsKKwogCXN0cnVjdCBwbjUzMyAqcHJpdjsKIH07CiAKQEAgLTE1MCwxMyArMTUzLDE2IEBA IHN0YXRpYyBpbnQgcG41MzNfdXNiX3NlbmRfYWNrKHN0cnVjdCBwbjUKIAlzdHJ1Y3QgcG41MzNf dXNiX3BoeSAqcGh5ID0gZGV2LT5waHk7CiAJc3RhdGljIGNvbnN0IHU4IGFja1s2XSA9IHsweDAw LCAweDAwLCAweGZmLCAweDAwLCAweGZmLCAweDAwfTsKIAkvKiBzcGVjIDcuMS4xLjM6ICBQcmVh bWJsZSwgU29QQyAoMiksIEFDSyBDb2RlICgyKSwgUG9zdGFtYmxlICovCi0JaW50IHJjOwogCi0J cGh5LT5vdXRfdXJiLT50cmFuc2Zlcl9idWZmZXIgPSAodTggKilhY2s7Ci0JcGh5LT5vdXRfdXJi LT50cmFuc2Zlcl9idWZmZXJfbGVuZ3RoID0gc2l6ZW9mKGFjayk7Ci0JcmMgPSB1c2Jfc3VibWl0 X3VyYihwaHktPm91dF91cmIsIGZsYWdzKTsKKwlpZiAoIXBoeS0+YWNrX2J1ZmZlcikgeworCQlw aHktPmFja19idWZmZXIgPSBrbWVtZHVwKGFjaywgc2l6ZW9mKGFjayksIGZsYWdzKTsKKwkJaWYg KCFwaHktPmFja19idWZmZXIpCisJCQlyZXR1cm4gLUVOT01FTTsKKwl9CiAKLQlyZXR1cm4gcmM7 CisJcGh5LT5hY2tfdXJiLT50cmFuc2Zlcl9idWZmZXIgPSBwaHktPmFja19idWZmZXI7CisJcGh5 LT5hY2tfdXJiLT50cmFuc2Zlcl9idWZmZXJfbGVuZ3RoID0gc2l6ZW9mKGFjayk7CisJcmV0dXJu IHVzYl9zdWJtaXRfdXJiKHBoeS0+YWNrX3VyYiwgZmxhZ3MpOwogfQogCiBzdGF0aWMgaW50IHBu NTMzX3VzYl9zZW5kX2ZyYW1lKHN0cnVjdCBwbjUzMyAqZGV2LApAQCAtMzc1LDI2ICszODEsMzEg QEAgc3RhdGljIGludCBwbjUzM19hY3IxMjJfcG93ZXJvbl9yZHIoc3RydQogCS8qIFBvd2VyIG9u IHRoIHJlYWRlciAoQ0NJRCBjbWQpICovCiAJdTggY21kWzEwXSA9IHtQTjUzM19BQ1IxMjJfUENf VE9fUkRSX0lDQ1BPV0VST04sCiAJCSAgICAgIDAsIDAsIDAsIDAsIDAsIDAsIDMsIDAsIDB9Owor CWNoYXIgKmJ1ZmZlcjsKKwlpbnQgdHJhbnNmZXJyZWQ7CiAJaW50IHJjOwogCXZvaWQgKmNudHg7 CiAJc3RydWN0IHBuNTMzX2FjcjEyMl9wb3dlcm9uX3Jkcl9hcmcgYXJnOwogCiAJZGV2X2RiZygm cGh5LT51ZGV2LT5kZXYsICIlc1xuIiwgX19mdW5jX18pOwogCisJYnVmZmVyID0ga21lbWR1cChj bWQsIHNpemVvZihjbWQpLCBHRlBfS0VSTkVMKTsKKwlpZiAoIWJ1ZmZlcikKKwkJcmV0dXJuIC1F Tk9NRU07CisKIAlpbml0X2NvbXBsZXRpb24oJmFyZy5kb25lKTsKIAljbnR4ID0gcGh5LT5pbl91 cmItPmNvbnRleHQ7ICAvKiBiYWNrdXAgY29udGV4dCAqLwogCiAJcGh5LT5pbl91cmItPmNvbXBs ZXRlID0gcG41MzNfYWNyMTIyX3Bvd2Vyb25fcmRyX3Jlc3A7CiAJcGh5LT5pbl91cmItPmNvbnRl eHQgPSAmYXJnOwogCi0JcGh5LT5vdXRfdXJiLT50cmFuc2Zlcl9idWZmZXIgPSBjbWQ7Ci0JcGh5 LT5vdXRfdXJiLT50cmFuc2Zlcl9idWZmZXJfbGVuZ3RoID0gc2l6ZW9mKGNtZCk7Ci0KIAlwcmlu dF9oZXhfZHVtcF9kZWJ1ZygiQUNSMTIyIFRYOiAiLCBEVU1QX1BSRUZJWF9OT05FLCAxNiwgMSwK IAkJICAgICAgIGNtZCwgc2l6ZW9mKGNtZCksIGZhbHNlKTsKIAotCXJjID0gdXNiX3N1Ym1pdF91 cmIocGh5LT5vdXRfdXJiLCBHRlBfS0VSTkVMKTsKLQlpZiAocmMpIHsKKwlyYyA9IHVzYl9idWxr X21zZyhwaHktPnVkZXYsIHBoeS0+b3V0X3VyYi0+cGlwZSwgYnVmZmVyLCBzaXplb2YoY21kKSwK KwkJCSAgJnRyYW5zZmVycmVkLCAwKTsKKwlrZnJlZShidWZmZXIpOworCWlmIChyYyB8fCAodHJh bnNmZXJyZWQgIT0gc2l6ZW9mKGNtZCkpKSB7CiAJCW5mY19lcnIoJnBoeS0+dWRldi0+ZGV2LAog CQkJIlJlYWRlciBwb3dlciBvbiBjbWQgZXJyb3IgJWRcbiIsIHJjKTsKIAkJcmV0dXJuIHJjOwpA QCAtNDkwLDggKzUwMSw5IEBAIHN0YXRpYyBpbnQgcG41MzNfdXNiX3Byb2JlKHN0cnVjdCB1c2Jf aW4KIAogCXBoeS0+aW5fdXJiID0gdXNiX2FsbG9jX3VyYigwLCBHRlBfS0VSTkVMKTsKIAlwaHkt Pm91dF91cmIgPSB1c2JfYWxsb2NfdXJiKDAsIEdGUF9LRVJORUwpOworCXBoeS0+YWNrX3VyYiA9 IHVzYl9hbGxvY191cmIoMCwgR0ZQX0tFUk5FTCk7CiAKLQlpZiAoIXBoeS0+aW5fdXJiIHx8ICFw aHktPm91dF91cmIpCisJaWYgKCFwaHktPmluX3VyYiB8fCAhcGh5LT5vdXRfdXJiIHx8ICFwaHkt PmFja191cmIpCiAJCWdvdG8gZXJyb3I7CiAKIAl1c2JfZmlsbF9idWxrX3VyYihwaHktPmluX3Vy YiwgcGh5LT51ZGV2LApAQCAtNTAxLDcgKzUxMyw5IEBAIHN0YXRpYyBpbnQgcG41MzNfdXNiX3By b2JlKHN0cnVjdCB1c2JfaW4KIAl1c2JfZmlsbF9idWxrX3VyYihwaHktPm91dF91cmIsIHBoeS0+ dWRldiwKIAkJCSAgdXNiX3NuZGJ1bGtwaXBlKHBoeS0+dWRldiwgb3V0X2VuZHBvaW50KSwKIAkJ CSAgTlVMTCwgMCwgcG41MzNfc2VuZF9jb21wbGV0ZSwgcGh5KTsKLQorCXVzYl9maWxsX2J1bGtf dXJiKHBoeS0+YWNrX3VyYiwgcGh5LT51ZGV2LAorCQkJICB1c2Jfc25kYnVsa3BpcGUocGh5LT51 ZGV2LCBvdXRfZW5kcG9pbnQpLAorCQkJICBOVUxMLCAwLCBwbjUzM19zZW5kX2NvbXBsZXRlLCBw aHkpOwogCiAJc3dpdGNoIChpZC0+ZHJpdmVyX2luZm8pIHsKIAljYXNlIFBONTMzX0RFVklDRV9T VEQ6CkBAIC01NTQsNiArNTY4LDcgQEAgc3RhdGljIGludCBwbjUzM191c2JfcHJvYmUoc3RydWN0 IHVzYl9pbgogZXJyb3I6CiAJdXNiX2ZyZWVfdXJiKHBoeS0+aW5fdXJiKTsKIAl1c2JfZnJlZV91 cmIocGh5LT5vdXRfdXJiKTsKKwl1c2JfZnJlZV91cmIocGh5LT5hY2tfdXJiKTsKIAl1c2JfcHV0 X2RldihwaHktPnVkZXYpOwogCWtmcmVlKGluX2J1Zik7CiAKQEAgLTU3MywxMCArNTg4LDEzIEBA IHN0YXRpYyB2b2lkIHBuNTMzX3VzYl9kaXNjb25uZWN0KHN0cnVjdAogCiAJdXNiX2tpbGxfdXJi KHBoeS0+aW5fdXJiKTsKIAl1c2Jfa2lsbF91cmIocGh5LT5vdXRfdXJiKTsKKwl1c2Jfa2lsbF91 cmIocGh5LT5hY2tfdXJiKTsKIAogCWtmcmVlKHBoeS0+aW5fdXJiLT50cmFuc2Zlcl9idWZmZXIp OwogCXVzYl9mcmVlX3VyYihwaHktPmluX3VyYik7CiAJdXNiX2ZyZWVfdXJiKHBoeS0+b3V0X3Vy Yik7CisJdXNiX2ZyZWVfdXJiKHBoeS0+YWNrX3VyYik7CisJa2ZyZWUocGh5LT5hY2tfYnVmZmVy KTsKIAogCW5mY19pbmZvKCZpbnRlcmZhY2UtPmRldiwgIk5YUCBQTjUzMyBORkMgZGV2aWNlIGRp c2Nvbm5lY3RlZFxuIik7CiB9Cg== From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.kernel.org ([198.145.29.99]:35974 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750936AbeETNUE (ORCPT ); Sun, 20 May 2018 09:20:04 -0400 Date: Sun, 20 May 2018 15:19:46 +0200 From: Greg Kroah-Hartman To: Arend van Spriel , Carlos Manuel Santos , Samuel Ortiz , Stephen Hemminger , linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org Subject: [PATCH v4] NFC: pn533: don't send USB data off of the stack Message-ID: <20180520131946.GA7325@kroah.com> (sfid-20180520_152009_646685_C167856D) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-wireless-owner@vger.kernel.org List-ID: It's amazing that this driver ever worked, but now that x86 doesn't allow USB data to be sent off of the stack, it really does not work at all. Fix this up by properly allocating the data for the small "commands" that get sent to the device off of the stack. We do this for one command by having a whole urb just for ack messages, as they can be submitted in interrupt context, so we can not use usb_bulk_msg(). But the poweron command can sleep (and does), so use usb_bulk_msg() for that transfer. Reported-by: Carlos Manuel Santos Cc: Samuel Ortiz Cc: Stephen Hemminger Cc: stable Signed-off-by: Greg Kroah-Hartman --- v4: don't use urb transfer buffer flags as the memory is tied to the urb (thanks to Johan) Now we have a new static urb, and we use usb_bulk_msg() for the other message. v3: actually use the correct buffer (thanks to Arend van Spriel) use kmemdup (thanks to Johannes Berg and Julia Lawall) v2: set the urb flags correctly drivers/nfc/pn533/usb.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) --- a/drivers/nfc/pn533/usb.c +++ b/drivers/nfc/pn533/usb.c @@ -62,6 +62,9 @@ struct pn533_usb_phy { struct urb *out_urb; struct urb *in_urb; + struct urb *ack_urb; + u8 *ack_buffer; + struct pn533 *priv; }; @@ -150,13 +153,16 @@ static int pn533_usb_send_ack(struct pn5 struct pn533_usb_phy *phy = dev->phy; static const u8 ack[6] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00}; /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */ - int rc; - phy->out_urb->transfer_buffer = (u8 *)ack; - phy->out_urb->transfer_buffer_length = sizeof(ack); - rc = usb_submit_urb(phy->out_urb, flags); + if (!phy->ack_buffer) { + phy->ack_buffer = kmemdup(ack, sizeof(ack), flags); + if (!phy->ack_buffer) + return -ENOMEM; + } - return rc; + phy->ack_urb->transfer_buffer = phy->ack_buffer; + phy->ack_urb->transfer_buffer_length = sizeof(ack); + return usb_submit_urb(phy->ack_urb, flags); } static int pn533_usb_send_frame(struct pn533 *dev, @@ -375,26 +381,31 @@ static int pn533_acr122_poweron_rdr(stru /* Power on th reader (CCID cmd) */ u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON, 0, 0, 0, 0, 0, 0, 3, 0, 0}; + char *buffer; + int transferred; int rc; void *cntx; struct pn533_acr122_poweron_rdr_arg arg; dev_dbg(&phy->udev->dev, "%s\n", __func__); + buffer = kmemdup(cmd, sizeof(cmd), GFP_KERNEL); + if (!buffer) + return -ENOMEM; + init_completion(&arg.done); cntx = phy->in_urb->context; /* backup context */ phy->in_urb->complete = pn533_acr122_poweron_rdr_resp; phy->in_urb->context = &arg; - phy->out_urb->transfer_buffer = cmd; - phy->out_urb->transfer_buffer_length = sizeof(cmd); - print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1, cmd, sizeof(cmd), false); - rc = usb_submit_urb(phy->out_urb, GFP_KERNEL); - if (rc) { + rc = usb_bulk_msg(phy->udev, phy->out_urb->pipe, buffer, sizeof(cmd), + &transferred, 0); + kfree(buffer); + if (rc || (transferred != sizeof(cmd))) { nfc_err(&phy->udev->dev, "Reader power on cmd error %d\n", rc); return rc; @@ -490,8 +501,9 @@ static int pn533_usb_probe(struct usb_in phy->in_urb = usb_alloc_urb(0, GFP_KERNEL); phy->out_urb = usb_alloc_urb(0, GFP_KERNEL); + phy->ack_urb = usb_alloc_urb(0, GFP_KERNEL); - if (!phy->in_urb || !phy->out_urb) + if (!phy->in_urb || !phy->out_urb || !phy->ack_urb) goto error; usb_fill_bulk_urb(phy->in_urb, phy->udev, @@ -501,7 +513,9 @@ static int pn533_usb_probe(struct usb_in usb_fill_bulk_urb(phy->out_urb, phy->udev, usb_sndbulkpipe(phy->udev, out_endpoint), NULL, 0, pn533_send_complete, phy); - + usb_fill_bulk_urb(phy->ack_urb, phy->udev, + usb_sndbulkpipe(phy->udev, out_endpoint), + NULL, 0, pn533_send_complete, phy); switch (id->driver_info) { case PN533_DEVICE_STD: @@ -554,6 +568,7 @@ static int pn533_usb_probe(struct usb_in error: usb_free_urb(phy->in_urb); usb_free_urb(phy->out_urb); + usb_free_urb(phy->ack_urb); usb_put_dev(phy->udev); kfree(in_buf); @@ -573,10 +588,13 @@ static void pn533_usb_disconnect(struct usb_kill_urb(phy->in_urb); usb_kill_urb(phy->out_urb); + usb_kill_urb(phy->ack_urb); kfree(phy->in_urb->transfer_buffer); usb_free_urb(phy->in_urb); usb_free_urb(phy->out_urb); + usb_free_urb(phy->ack_urb); + kfree(phy->ack_buffer); nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n"); }