From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stephane Grosjean, Marc Kleine-Budde
Subject: [PATCH 4.14 60/89] can: peak: fix potential bug in packet fragmentation
Date: Mon, 22 Jan 2018 09:45:40 +0100
Message-Id: <20180122084000.660950157@linuxfoundation.org>
In-Reply-To: <20180122083954.683903493@linuxfoundation.org>
References: <20180122083954.683903493@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Stephane Grosjean

commit d8a243af1a68395e07ac85384a2740d4134c67f4 upstream.

In some rare conditions when running one PEAK USB-FD interface over a non high-speed USB controller, one useless USB fragment might be sent. This patch fixes the way a USB command is fragmented when its length is greater than 64 bytes and when the underlying USB controller is not a high-speed one.

Signed-off-by: Stephane Grosjean
Signed-off-by: Marc Kleine-Budde
Signed-off-by: Greg Kroah-Hartman
---
 drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

--- a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c +++ b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c @@ -184,7 +184,7 @@ static int pcan_usb_fd_send_cmd(struct p void *cmd_head = pcan_usb_fd_cmd_buffer(dev); int err = 0; u8 *packet_ptr; - int i, n = 1, packet_len; + int packet_len; ptrdiff_t cmd_len; /* usb device unregistered? */ 
@@ -201,17 +201,13 @@ static int pcan_usb_fd_send_cmd(struct p } packet_ptr = cmd_head; + packet_len = cmd_len; /* firmware is not able to re-assemble 512 bytes buffer in full-speed */ - if ((dev->udev->speed != USB_SPEED_HIGH) && - (cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) { - packet_len = PCAN_UFD_LOSPD_PKT_SIZE; - n += cmd_len / packet_len; - } else { - packet_len = cmd_len; - } + if (unlikely(dev->udev->speed != USB_SPEED_HIGH)) + packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE); - for (i = 0; i < n; i++) { + do { err = usb_bulk_msg(dev->udev, usb_sndbulkpipe(dev->udev, PCAN_USBPRO_EP_CMDOUT), @@ -224,7 +220,12 @@ static int pcan_usb_fd_send_cmd(struct p } packet_ptr += packet_len; - } + cmd_len -= packet_len; + + if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE) + packet_len = cmd_len; + + } while (packet_len > 0); return err; }
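
Review bot: in the hunk at @@ -201,17 +201,13 @@, the new `packet_len = cmd_len;` assigns a ptrdiff_t to an int, and the following `min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE)` depends on the macro having exactly the type int, because the kernel's min() rejects mixed operand types; the macro's definition is not in the visible lines. Giving packet_len and cmd_len the same type, or using min_t() with an explicit type, would make the length arithmetic self-evidently consistent. The unlikely() on the speed test also buys nothing on a path that goes on to block in usb_bulk_msg(), so a plain `if` would read better.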
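
Review bot: in the hunk at @@ -224,7 +220,12 @@, the do/while runs the bulk transfer before any length test, so it is only correct if cmd_len is guaranteed to be greater than zero on entry, and nothing in the visible lines enforces that. A `while (cmd_len > 0)` loop that computes packet_len at the top of each iteration would remove that assumption and make the separate `if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE)` refresh unnecessary. The changelog could also say that the removed for-loop kept packet_len fixed at PCAN_UFD_LOSPD_PKT_SIZE on every iteration, so, if the elided usb_bulk_msg() arguments use packet_len as the transfer length, the last fragment was not trimmed to the bytes actually remaining in the command; that is a second behaviour change beyond the extra fragment the commit message describes.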