From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x225+34P66xggn8FDIibpy3jsmvtHBNgRvZSdY3L/75VwbKQX8Qu7aE1PPazTR5X/pz/44BSa ARC-Seal: i=1; a=rsa-sha256; t=1516610928; cv=none; d=google.com; s=arc-20160816; b=RnrtrGZUrjYTMh4mxvG0KVw0YF+4m3uEqWAF4ypnKFYkptHIBg0b7Gf4FJyGBywMWK p8EX6lni4fr4wEGbijQPrdSE5/De6rU/YXuucG3JlfGSjyQryLF1BBsfAwCEQ4hcnlIO jE2N6qWOWoL7l9mFq8OX9wopXaVxORyauLaq2hW8bgufk2TjTfXHn9RBM3BQl6NjCK6s +blfOu7WH/doD4VNuDeSkyFbYAMFDCO/ozKimGS5prgrt3wOZwF54r6vlJjgMGRmxDGe BC/qxLYTZLDA5dStWtX6DREw53kgRduCilreeceNODdB2rQC5GTkIWBL3QwHWXgcCp4M tF+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=Xs4bi1LHTZ3PJqTAhqT0vRQhQ0DCq+9e2qwiBGnYwTA=; b=U9R1dNmya70P147PstZC1WfAoH/Gnyf4rTHhXfdAf7bzyQ9ZmxflC8ix9A/h4lG7T8 Ng9DMdsqei4F8yPuslXB+wHvCMqOYrWfYVoCgcS4AXwGj6FeS7ghS3a+8BMpRRA2dVYW ZcDszRZUlWgEgSCoV6yHojX+d8M7m7imPAHYg8twaOX+x1x7+zbz8khk4jjwZJXRANEi u+gV0D131ch8s0jGvSXtktOp96+5+WPbpCmQlEK4IhyNDRvI0L4Fva0iKyCkEHItBAE2 pC3FKj1lyySI8veIokJZpO74Mfu30pHV5udZV0uTm280Vu92clKLEhdtKb/qcK+hDgt7 Yk5A== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stephane Grosjean , Marc Kleine-Budde Subject: [PATCH 4.9 32/47] can: peak: fix potential bug in packet fragmentation Date: Mon, 22 Jan 2018 09:45:43 +0100 Message-Id: <20180122083928.135593511@linuxfoundation.org> X-Mailer: git-send-email 2.16.0 In-Reply-To: <20180122083925.568134913@linuxfoundation.org> References: <20180122083925.568134913@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?= X-GMAIL-THRID: =?utf-8?q?1590281416708596957?= X-GMAIL-MSGID: =?utf-8?q?1590281821134595404?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Stephane Grosjean commit d8a243af1a68395e07ac85384a2740d4134c67f4 upstream. In some rare conditions when running one PEAK USB-FD interface over a non high-speed USB controller, one useless USB fragment might be sent. This patch fixes the way a USB command is fragmented when its length is greater than 64 bytes and when the underlying USB controller is not a high-speed one. Signed-off-by: Stephane Grosjean Signed-off-by: Marc Kleine-Budde Signed-off-by: Greg Kroah-Hartman --- drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) --- a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c +++ b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c @@ -184,7 +184,7 @@ static int pcan_usb_fd_send_cmd(struct p void *cmd_head = pcan_usb_fd_cmd_buffer(dev); int err = 0; u8 *packet_ptr; - int i, n = 1, packet_len; + int packet_len; ptrdiff_t cmd_len; /* usb device unregistered? */ @@ -201,17 +201,13 @@ static int pcan_usb_fd_send_cmd(struct p } packet_ptr = cmd_head; + packet_len = cmd_len; /* firmware is not able to re-assemble 512 bytes buffer in full-speed */ - if ((dev->udev->speed != USB_SPEED_HIGH) && - (cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) { - packet_len = PCAN_UFD_LOSPD_PKT_SIZE; - n += cmd_len / packet_len; - } else { - packet_len = cmd_len; - } + if (unlikely(dev->udev->speed != USB_SPEED_HIGH)) + packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE); - for (i = 0; i < n; i++) { + do { err = usb_bulk_msg(dev->udev, usb_sndbulkpipe(dev->udev, PCAN_USBPRO_EP_CMDOUT), @@ -224,7 +220,12 @@ static int pcan_usb_fd_send_cmd(struct p } packet_ptr += packet_len; - } + cmd_len -= packet_len; + + if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE) + packet_len = cmd_len; + + } while (packet_len > 0); return err; }