carl9170: fix sending URBs with wrong type when using full-speed
authorRonald Wahl <ronald.wahl@raritan.com>
Thu, 7 Aug 2014 12:15:50 +0000 (14:15 +0200)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 11 Aug 2014 18:43:51 +0000 (14:43 -0400)
The driver assumes that endpoint 4 is always an interrupt endpoint.
Unfortunately the type differs between high-speed and full-speed
configurations: in the former case it is indeed an interrupt
endpoint, but in the latter case it is a bulk
endpoint. When sending URBs with the wrong type the kernel will
generate a warning message including backtrace. In this specific
case there will be a huge amount of warnings which can bring the system
to freeze.

To fix this we are now sending URBs to endpoint 4 using the type
found in the endpoint descriptor.

A side note: The carl9170 firmware currently specifies endpoint 4 as
interrupt endpoint even in the full-speed configuration but this has
no relevance because before this firmware is loaded the endpoint type
is as described above and after the firmware is running the stick is not
reenumerated and so the old descriptor is used.

Signed-off-by: Ronald Wahl <ronald.wahl@raritan.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/ath/carl9170/carl9170.h
drivers/net/wireless/ath/carl9170/usb.c

index 8596aba34f96854dfe1700da64b44ef832e5fc9a..237d0cda1bcb053b40f994a9cbfcee51db3347ab 100644 (file)
@@ -256,6 +256,7 @@ struct ar9170 {
        atomic_t rx_work_urbs;
        atomic_t rx_pool_urbs;
        kernel_ulong_t features;
+       bool usb_ep_cmd_is_bulk;
 
        /* firmware settings */
        struct completion fw_load_wait;
index f35c7f30f9a6f66f234a4816260d0ea473fc573e..c9f93310c0d6c0abaffc780fd4c30b970a420c54 100644 (file)
@@ -621,9 +621,16 @@ int __carl9170_exec_cmd(struct ar9170 *ar, struct carl9170_cmd *cmd,
                goto err_free;
        }
 
-       usb_fill_int_urb(urb, ar->udev, usb_sndintpipe(ar->udev,
-               AR9170_USB_EP_CMD), cmd, cmd->hdr.len + 4,
-               carl9170_usb_cmd_complete, ar, 1);
+       if (ar->usb_ep_cmd_is_bulk)
+               usb_fill_bulk_urb(urb, ar->udev,
+                                 usb_sndbulkpipe(ar->udev, AR9170_USB_EP_CMD),
+                                 cmd, cmd->hdr.len + 4,
+                                 carl9170_usb_cmd_complete, ar);
+       else
+               usb_fill_int_urb(urb, ar->udev,
+                                usb_sndintpipe(ar->udev, AR9170_USB_EP_CMD),
+                                cmd, cmd->hdr.len + 4,
+                                carl9170_usb_cmd_complete, ar, 1);
 
        if (free_buf)
                urb->transfer_flags |= URB_FREE_BUFFER;
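Review bot: The new branch in __carl9170_exec_cmd has no comment at the submit site saying why the pipe type is chosen at run time, so a reader has to find the explanation in carl9170_usb_probe. A one-line comment above the `if` would do, for example `/* EP4 is bulk in the full-speed configuration and interrupt in high-speed; the type is recorded at probe */`. The transfer length `cmd->hdr.len + 4` is also now written twice with an unnamed `4`; whether it is bounded against the command buffer cannot be seen here, because the function starts and ends outside the hunk.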
@@ -1032,9 +1039,10 @@ static void carl9170_usb_firmware_step2(const struct firmware *fw,
 static int carl9170_usb_probe(struct usb_interface *intf,
                              const struct usb_device_id *id)
 {
+       struct usb_endpoint_descriptor *ep;
        struct ar9170 *ar;
        struct usb_device *udev;
-       int err;
+       int i, err;
 
        err = usb_reset_device(interface_to_usbdev(intf));
        if (err)
@@ -1050,6 +1058,21 @@ static int carl9170_usb_probe(struct usb_interface *intf,
        ar->intf = intf;
        ar->features = id->driver_info;
 
+       /* We need to remember the type of endpoint 4 because it differs
+        * between high- and full-speed configuration. The high-speed
+        * configuration specifies it as interrupt and the full-speed
+        * configuration as bulk endpoint. This information is required
+        * later when sending urbs to that endpoint.
+        */
+       for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; ++i) {
+               ep = &intf->cur_altsetting->endpoint[i].desc;
+
+               if (usb_endpoint_num(ep) == AR9170_USB_EP_CMD &&
+                   usb_endpoint_dir_out(ep) &&
+                   usb_endpoint_type(ep) == USB_ENDPOINT_XFER_BULK)
+                       ar->usb_ep_cmd_is_bulk = true;
+       }
+
        usb_set_intfdata(intf, ar);
        SET_IEEE80211_DEV(ar->hw, &intf->dev);
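Review bot: The endpoint loop added to carl9170_usb_probe only recognises a bulk OUT endpoint 4; any other layout, including a device with no OUT endpoint 4 at all or one of another transfer type, leaves `usb_ep_cmd_is_bulk` false (assuming `ar` is zero-initialised by its allocator, which is not visible here), and the command path then submits interrupt URBs regardless. Because the descriptors are supplied by the attached device, a malformed or unexpected descriptor set can presumably bring back the wrong-type warning flood this commit is meant to stop. Probe should confirm that an OUT endpoint 4 of bulk or interrupt type exists and refuse to bind otherwise. The function continues outside the hunk, so the error exit is left as a comment in the sketch below.

```c
	bool cmd_ep_found = false;

	/* … unchanged: comment explaining why the endpoint type is recorded … */
	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; ++i) {
		ep = &intf->cur_altsetting->endpoint[i].desc;

		if (usb_endpoint_num(ep) != AR9170_USB_EP_CMD ||
		    !usb_endpoint_dir_out(ep))
			continue;

		if (usb_endpoint_xfer_bulk(ep)) {
			ar->usb_ep_cmd_is_bulk = true;
			cmd_ep_found = true;
		} else if (usb_endpoint_xfer_int(ep)) {
			cmd_ep_found = true;
		}
	}

	if (!cmd_ep_found) {
		/* fail the probe with -ENODEV via the function's own error handling (outside this hunk) */
	}
```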