[PATCH] af9015: do not use buffers from stack for usb_bulk

linux-media.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] af9015: do not use buffers from stack for usb_bulk_msg()
@ 2013-02-24 23:39 Antti Palosaari
  2013-02-24 23:49 ` Antti Palosaari
  2013-02-25 11:14 ` Mauro Carvalho Chehab
  0 siblings, 2 replies; 3+ messages in thread
From: Antti Palosaari @ 2013-02-24 23:39 UTC (permalink / raw)
  To: linux-media; +Cc: poma, Antti Palosaari

WARNING: at lib/dma-debug.c:947 check_for_stack+0xa7/0xf0()
ehci-pci 0000:00:04.1: DMA-API: device driver maps memory fromstack

Reported-by: poma <pomidorabelisima@gmail.com>
Signed-off-by: Antti Palosaari <crope@iki.fi>
---
 drivers/media/usb/dvb-usb-v2/af9015.c | 34 ++++++++++++++++------------------
 drivers/media/usb/dvb-usb-v2/af9015.h |  2 ++
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/drivers/media/usb/dvb-usb-v2/af9015.c b/drivers/media/usb/dvb-usb-v2/af9015.c
index b86d0f2..28983aa 100644
--- a/drivers/media/usb/dvb-usb-v2/af9015.c
+++ b/drivers/media/usb/dvb-usb-v2/af9015.c
@@ -30,22 +30,20 @@ DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr);
 
 static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
 {
-#define BUF_LEN 63
 #define REQ_HDR_LEN 8 /* send header size */
 #define ACK_HDR_LEN 2 /* rece header size */
 	struct af9015_state *state = d_to_priv(d);
 	int ret, wlen, rlen;
-	u8 buf[BUF_LEN];
 	u8 write = 1;
 
-	buf[0] = req->cmd;
-	buf[1] = state->seq++;
-	buf[2] = req->i2c_addr;
-	buf[3] = req->addr >> 8;
-	buf[4] = req->addr & 0xff;
-	buf[5] = req->mbox;
-	buf[6] = req->addr_len;
-	buf[7] = req->data_len;
+	state->buf[0] = req->cmd;
+	state->buf[1] = state->seq++;
+	state->buf[2] = req->i2c_addr;
+	state->buf[3] = req->addr >> 8;
+	state->buf[4] = req->addr & 0xff;
+	state->buf[5] = req->mbox;
+	state->buf[6] = req->addr_len;
+	state->buf[7] = req->data_len;
 
 	switch (req->cmd) {
 	case GET_CONFIG:
@@ -55,14 +53,14 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
 		break;
 	case READ_I2C:
 		write = 0;
-		buf[2] |= 0x01; /* set I2C direction */
+		state->buf[2] |= 0x01; /* set I2C direction */
 	case WRITE_I2C:
-		buf[0] = READ_WRITE_I2C;
+		state->buf[0] = READ_WRITE_I2C;
 		break;
 	case WRITE_MEMORY:
 		if (((req->addr & 0xff00) == 0xff00) ||
 		    ((req->addr & 0xff00) == 0xae00))
-			buf[0] = WRITE_VIRTUAL_MEMORY;
+			state->buf[0] = WRITE_VIRTUAL_MEMORY;
 	case WRITE_VIRTUAL_MEMORY:
 	case COPY_FIRMWARE:
 	case DOWNLOAD_FIRMWARE:
@@ -90,7 +88,7 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
 	rlen = ACK_HDR_LEN;
 	if (write) {
 		wlen += req->data_len;
-		memcpy(&buf[REQ_HDR_LEN], req->data, req->data_len);
+		memcpy(&state->buf[REQ_HDR_LEN], req->data, req->data_len);
 	} else {
 		rlen += req->data_len;
 	}
@@ -99,21 +97,21 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
 	if (req->cmd == DOWNLOAD_FIRMWARE || req->cmd == RECONNECT_USB)
 		rlen = 0;
 
-	ret = dvb_usbv2_generic_rw(d, buf, wlen, buf, rlen);
+	ret = dvb_usbv2_generic_rw(d, state->buf, wlen, state->buf, rlen);
 	if (ret)
 		goto error;
 
 	/* check status */
-	if (rlen && buf[1]) {
+	if (rlen && state->buf[1]) {
 		dev_err(&d->udev->dev, "%s: command failed=%d\n",
-				KBUILD_MODNAME, buf[1]);
+				KBUILD_MODNAME, state->buf[1]);
 		ret = -EIO;
 		goto error;
 	}
 
 	/* read request, copy returned data to return buf */
 	if (!write)
-		memcpy(req->data, &buf[ACK_HDR_LEN], req->data_len);
+		memcpy(req->data, &state->buf[ACK_HDR_LEN], req->data_len);
 error:
 	return ret;
 }
diff --git a/drivers/media/usb/dvb-usb-v2/af9015.h b/drivers/media/usb/dvb-usb-v2/af9015.h
index 533637d..3a6f3ad 100644
--- a/drivers/media/usb/dvb-usb-v2/af9015.h
+++ b/drivers/media/usb/dvb-usb-v2/af9015.h
@@ -115,7 +115,9 @@ enum af9015_ir_mode {
 	AF9015_IR_MODE_POLLING, /* just guess */
 };
 
+#define BUF_LEN 63
 struct af9015_state {
+	u8 buf[BUF_LEN]; /* bulk USB control message */
 	u8 ir_mode;
 	u8 rc_repeat;
 	u32 rc_keycode;
-- 
1.7.11.7


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] af9015: do not use buffers from stack for usb_bulk_msg()
  2013-02-24 23:39 [PATCH] af9015: do not use buffers from stack for usb_bulk_msg() Antti Palosaari
@ 2013-02-24 23:49 ` Antti Palosaari
  2013-02-25 11:14 ` Mauro Carvalho Chehab
  1 sibling, 0 replies; 3+ messages in thread
From: Antti Palosaari @ 2013-02-24 23:49 UTC (permalink / raw)
  Cc: linux-media, poma

Ooops, I think it will not work properly for the long ran as there is no 
lock to serialize access to that buffer early enough.

I have to rethink whole situation and maybe try to move "usb_mutex" from 
the dvb_usbv2_generic_rw() to the device driver. Or add totally new mutex.


regards
Antti

On 02/25/2013 01:39 AM, Antti Palosaari wrote:
> WARNING: at lib/dma-debug.c:947 check_for_stack+0xa7/0xf0()
> ehci-pci 0000:00:04.1: DMA-API: device driver maps memory fromstack
>
> Reported-by: poma <pomidorabelisima@gmail.com>
> Signed-off-by: Antti Palosaari <crope@iki.fi>
> ---
>   drivers/media/usb/dvb-usb-v2/af9015.c | 34 ++++++++++++++++------------------
>   drivers/media/usb/dvb-usb-v2/af9015.h |  2 ++
>   2 files changed, 18 insertions(+), 18 deletions(-)
>
> diff --git a/drivers/media/usb/dvb-usb-v2/af9015.c b/drivers/media/usb/dvb-usb-v2/af9015.c
> index b86d0f2..28983aa 100644
> --- a/drivers/media/usb/dvb-usb-v2/af9015.c
> +++ b/drivers/media/usb/dvb-usb-v2/af9015.c
> @@ -30,22 +30,20 @@ DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr);
>
>   static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>   {
> -#define BUF_LEN 63
>   #define REQ_HDR_LEN 8 /* send header size */
>   #define ACK_HDR_LEN 2 /* rece header size */
>   	struct af9015_state *state = d_to_priv(d);
>   	int ret, wlen, rlen;
> -	u8 buf[BUF_LEN];
>   	u8 write = 1;
>
> -	buf[0] = req->cmd;
> -	buf[1] = state->seq++;
> -	buf[2] = req->i2c_addr;
> -	buf[3] = req->addr >> 8;
> -	buf[4] = req->addr & 0xff;
> -	buf[5] = req->mbox;
> -	buf[6] = req->addr_len;
> -	buf[7] = req->data_len;
> +	state->buf[0] = req->cmd;
> +	state->buf[1] = state->seq++;
> +	state->buf[2] = req->i2c_addr;
> +	state->buf[3] = req->addr >> 8;
> +	state->buf[4] = req->addr & 0xff;
> +	state->buf[5] = req->mbox;
> +	state->buf[6] = req->addr_len;
> +	state->buf[7] = req->data_len;
>
>   	switch (req->cmd) {
>   	case GET_CONFIG:
> @@ -55,14 +53,14 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>   		break;
>   	case READ_I2C:
>   		write = 0;
> -		buf[2] |= 0x01; /* set I2C direction */
> +		state->buf[2] |= 0x01; /* set I2C direction */
>   	case WRITE_I2C:
> -		buf[0] = READ_WRITE_I2C;
> +		state->buf[0] = READ_WRITE_I2C;
>   		break;
>   	case WRITE_MEMORY:
>   		if (((req->addr & 0xff00) == 0xff00) ||
>   		    ((req->addr & 0xff00) == 0xae00))
> -			buf[0] = WRITE_VIRTUAL_MEMORY;
> +			state->buf[0] = WRITE_VIRTUAL_MEMORY;
>   	case WRITE_VIRTUAL_MEMORY:
>   	case COPY_FIRMWARE:
>   	case DOWNLOAD_FIRMWARE:
> @@ -90,7 +88,7 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>   	rlen = ACK_HDR_LEN;
>   	if (write) {
>   		wlen += req->data_len;
> -		memcpy(&buf[REQ_HDR_LEN], req->data, req->data_len);
> +		memcpy(&state->buf[REQ_HDR_LEN], req->data, req->data_len);
>   	} else {
>   		rlen += req->data_len;
>   	}
> @@ -99,21 +97,21 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>   	if (req->cmd == DOWNLOAD_FIRMWARE || req->cmd == RECONNECT_USB)
>   		rlen = 0;
>
> -	ret = dvb_usbv2_generic_rw(d, buf, wlen, buf, rlen);
> +	ret = dvb_usbv2_generic_rw(d, state->buf, wlen, state->buf, rlen);
>   	if (ret)
>   		goto error;
>
>   	/* check status */
> -	if (rlen && buf[1]) {
> +	if (rlen && state->buf[1]) {
>   		dev_err(&d->udev->dev, "%s: command failed=%d\n",
> -				KBUILD_MODNAME, buf[1]);
> +				KBUILD_MODNAME, state->buf[1]);
>   		ret = -EIO;
>   		goto error;
>   	}
>
>   	/* read request, copy returned data to return buf */
>   	if (!write)
> -		memcpy(req->data, &buf[ACK_HDR_LEN], req->data_len);
> +		memcpy(req->data, &state->buf[ACK_HDR_LEN], req->data_len);
>   error:
>   	return ret;
>   }
> diff --git a/drivers/media/usb/dvb-usb-v2/af9015.h b/drivers/media/usb/dvb-usb-v2/af9015.h
> index 533637d..3a6f3ad 100644
> --- a/drivers/media/usb/dvb-usb-v2/af9015.h
> +++ b/drivers/media/usb/dvb-usb-v2/af9015.h
> @@ -115,7 +115,9 @@ enum af9015_ir_mode {
>   	AF9015_IR_MODE_POLLING, /* just guess */
>   };
>
> +#define BUF_LEN 63
>   struct af9015_state {
> +	u8 buf[BUF_LEN]; /* bulk USB control message */
>   	u8 ir_mode;
>   	u8 rc_repeat;
>   	u32 rc_keycode;
>


-- 
http://palosaari.fi/

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] af9015: do not use buffers from stack for usb_bulk_msg()
  2013-02-24 23:39 [PATCH] af9015: do not use buffers from stack for usb_bulk_msg() Antti Palosaari
  2013-02-24 23:49 ` Antti Palosaari
@ 2013-02-25 11:14 ` Mauro Carvalho Chehab
  1 sibling, 0 replies; 3+ messages in thread
From: Mauro Carvalho Chehab @ 2013-02-25 11:14 UTC (permalink / raw)
  To: Antti Palosaari; +Cc: linux-media, poma

Em Mon, 25 Feb 2013 01:39:41 +0200
Antti Palosaari <crope@iki.fi> escreveu:

> WARNING: at lib/dma-debug.c:947 check_for_stack+0xa7/0xf0()
> ehci-pci 0000:00:04.1: DMA-API: device driver maps memory fromstack
> 
> Reported-by: poma <pomidorabelisima@gmail.com>
> Signed-off-by: Antti Palosaari <crope@iki.fi>
> ---
>  drivers/media/usb/dvb-usb-v2/af9015.c | 34 ++++++++++++++++------------------
>  drivers/media/usb/dvb-usb-v2/af9015.h |  2 ++
>  2 files changed, 18 insertions(+), 18 deletions(-)
> 
> diff --git a/drivers/media/usb/dvb-usb-v2/af9015.c b/drivers/media/usb/dvb-usb-v2/af9015.c
> index b86d0f2..28983aa 100644
> --- a/drivers/media/usb/dvb-usb-v2/af9015.c
> +++ b/drivers/media/usb/dvb-usb-v2/af9015.c
> @@ -30,22 +30,20 @@ DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr);
>  
>  static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>  {
> -#define BUF_LEN 63
>  #define REQ_HDR_LEN 8 /* send header size */
>  #define ACK_HDR_LEN 2 /* rece header size */
>  	struct af9015_state *state = d_to_priv(d);
>  	int ret, wlen, rlen;
> -	u8 buf[BUF_LEN];
>  	u8 write = 1;
>  
> -	buf[0] = req->cmd;
> -	buf[1] = state->seq++;
> -	buf[2] = req->i2c_addr;
> -	buf[3] = req->addr >> 8;
> -	buf[4] = req->addr & 0xff;
> -	buf[5] = req->mbox;
> -	buf[6] = req->addr_len;
> -	buf[7] = req->data_len;
> +	state->buf[0] = req->cmd;
> +	state->buf[1] = state->seq++;
> +	state->buf[2] = req->i2c_addr;
> +	state->buf[3] = req->addr >> 8;
> +	state->buf[4] = req->addr & 0xff;
> +	state->buf[5] = req->mbox;
> +	state->buf[6] = req->addr_len;
> +	state->buf[7] = req->data_len;
>  
>  	switch (req->cmd) {
>  	case GET_CONFIG:
> @@ -55,14 +53,14 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>  		break;
>  	case READ_I2C:
>  		write = 0;
> -		buf[2] |= 0x01; /* set I2C direction */
> +		state->buf[2] |= 0x01; /* set I2C direction */
>  	case WRITE_I2C:
> -		buf[0] = READ_WRITE_I2C;
> +		state->buf[0] = READ_WRITE_I2C;
>  		break;
>  	case WRITE_MEMORY:
>  		if (((req->addr & 0xff00) == 0xff00) ||
>  		    ((req->addr & 0xff00) == 0xae00))
> -			buf[0] = WRITE_VIRTUAL_MEMORY;
> +			state->buf[0] = WRITE_VIRTUAL_MEMORY;
>  	case WRITE_VIRTUAL_MEMORY:
>  	case COPY_FIRMWARE:
>  	case DOWNLOAD_FIRMWARE:
> @@ -90,7 +88,7 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>  	rlen = ACK_HDR_LEN;
>  	if (write) {
>  		wlen += req->data_len;
> -		memcpy(&buf[REQ_HDR_LEN], req->data, req->data_len);
> +		memcpy(&state->buf[REQ_HDR_LEN], req->data, req->data_len);
>  	} else {
>  		rlen += req->data_len;
>  	}
> @@ -99,21 +97,21 @@ static int af9015_ctrl_msg(struct dvb_usb_device *d, struct req_t *req)
>  	if (req->cmd == DOWNLOAD_FIRMWARE || req->cmd == RECONNECT_USB)
>  		rlen = 0;
>  
> -	ret = dvb_usbv2_generic_rw(d, buf, wlen, buf, rlen);
> +	ret = dvb_usbv2_generic_rw(d, state->buf, wlen, state->buf, rlen);
>  	if (ret)
>  		goto error;
>  
>  	/* check status */
> -	if (rlen && buf[1]) {
> +	if (rlen && state->buf[1]) {
>  		dev_err(&d->udev->dev, "%s: command failed=%d\n",
> -				KBUILD_MODNAME, buf[1]);
> +				KBUILD_MODNAME, state->buf[1]);
>  		ret = -EIO;
>  		goto error;
>  	}
>  
>  	/* read request, copy returned data to return buf */
>  	if (!write)
> -		memcpy(req->data, &buf[ACK_HDR_LEN], req->data_len);
> +		memcpy(req->data, &state->buf[ACK_HDR_LEN], req->data_len);

Now that you're using just one buffer here, you'll need to protect this
routine with a mutex, as af9015_rc_query() may be called by a kthread 
while af9015_ctrl_msg() is running. As the RC polling code will also call
af9015_ctrl_msg() and both will be filling the very same state->buf, a
race condition happens.

-- 

Cheers,
Mauro

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2013-02-25 11:14 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-02-24 23:39 [PATCH] af9015: do not use buffers from stack for usb_bulk_msg() Antti Palosaari
2013-02-24 23:49 ` Antti Palosaari
2013-02-25 11:14 ` Mauro Carvalho Chehab

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).