From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x225VDmVG1QgwUI1sZV00UAUb0D+1b8VbEw1HnE3wltvuYXsXb+l+owHNDMsaVXtCAyeyanXb ARC-Seal: i=1; a=rsa-sha256; t=1516610542; cv=none; d=google.com; s=arc-20160816; b=sepx9YI11hlOEYnK0dIPxL9ULUKFtF6HXC/PW2caSM4fOHf3Ac07/k6LYEP2v7UIwG DOYub+tr+erzb9F7oXJ87H6XvBf5szcaMjnHzI4Ffecr9IhoFEI4lDedgiB33Mcaayad QszIz7jbzwse7a30m8TaMkD/2bGf8JhW5iWV++Nn1HiZX305sV1kuGeJakiP++u893WA lO4fM3gNNO3V/ujb3pP0aiOWBuQZpdBkCqGX6EUnD7qG8omaxlSMlfzW+xxUSZXsMqnq GPkSnHj0Da++/RqL2Fsj+MZfdWQ8k0zCzXEwu7uobBy4IwloDMrfDDpBsw4GmjkZzIp5 y1dQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=KB8mlatlwfxwqYaLs8+iXXDXcR6D9357YVF51fMKy70=; b=wOi72bubckI3kLkMlyCCyjRcLmQmtmVT2m7ysPXNfB9k+GQzKIUIpVxN/fZ72zrMdz lES9gb4Wjz75Dc9NB6QspFCllE4zyWQ3yNuyA7f48LiNd1hR9u7OExpgTWOFaO5lMTuu hk8SLd/Tgtu9JT7P9Zh+ny7YHqAQ6R+Ps4/KvEUgIsjDuyn7zX8d7SXBInSd5CzsI8bq 3fT3xNILjzA1MZvxR/TCdwdfT6CELPWRAMNwEEIQOGiJsuZWZ43Gq+/+uSo8+HbDvmif 9kHA4DiFZTugbSdarAmRkhFiBFWylJZ2Db8WDu/xXS1tfw7RmRUtniqmCYVSug70u/a9 Z7QQ== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stephane Grosjean , Marc Kleine-Budde Subject: [PATCH 4.4 41/53] can: peak: fix potential bug in packet fragmentation Date: Mon, 22 Jan 2018 09:40:33 +0100 Message-Id: <20180122083912.187602135@linuxfoundation.org> X-Mailer: git-send-email 2.16.0 In-Reply-To: <20180122083910.299610926@linuxfoundation.org> References: <20180122083910.299610926@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?= X-GMAIL-THRID: =?utf-8?q?1590281416708596957?= X-GMAIL-MSGID: =?utf-8?q?1590281416708596957?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Stephane Grosjean commit d8a243af1a68395e07ac85384a2740d4134c67f4 upstream. In some rare conditions when running one PEAK USB-FD interface over a non high-speed USB controller, one useless USB fragment might be sent. This patch fixes the way a USB command is fragmented when its length is greater than 64 bytes and when the underlying USB controller is not a high-speed one. Signed-off-by: Stephane Grosjean Signed-off-by: Marc Kleine-Budde Signed-off-by: Greg Kroah-Hartman --- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) --- a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c +++ b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c @@ -184,7 +184,7 @@ static int pcan_usb_fd_send_cmd(struct p void *cmd_head = pcan_usb_fd_cmd_buffer(dev); int err = 0; u8 *packet_ptr; - int i, n = 1, packet_len; + int packet_len; ptrdiff_t cmd_len; /* usb device unregistered? */ @@ -201,17 +201,13 @@ static int pcan_usb_fd_send_cmd(struct p } packet_ptr = cmd_head; + packet_len = cmd_len; /* firmware is not able to re-assemble 512 bytes buffer in full-speed */ - if ((dev->udev->speed != USB_SPEED_HIGH) && - (cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) { - packet_len = PCAN_UFD_LOSPD_PKT_SIZE; - n += cmd_len / packet_len; - } else { - packet_len = cmd_len; - } + if (unlikely(dev->udev->speed != USB_SPEED_HIGH)) + packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE); - for (i = 0; i < n; i++) { + do { err = usb_bulk_msg(dev->udev, usb_sndbulkpipe(dev->udev, PCAN_USBPRO_EP_CMDOUT), @@ -224,7 +220,12 @@ static int pcan_usb_fd_send_cmd(struct p } packet_ptr += packet_len; - } + cmd_len -= packet_len; + + if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE) + packet_len = cmd_len; + + } while (packet_len > 0); return err; }