projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b7744b7)
greybus: es1: fix DMA-buffer on stack
authorJohan Hovold <johan@hovoldconsulting.com>
Tue, 7 Apr 2015 09:27:10 +0000 (11:27 +0200)
committerGreg Kroah-Hartman <gregkh@google.com>
Tue, 7 Apr 2015 12:32:42 +0000 (14:32 +0200)
A stack-allocated buffer is not generally DMA-able and must not be used
for USB control transfers.

Note that the memset and extra buffer byte were redundant as no more
than the bytes actually transferred was ever added to the fifo.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
drivers/staging/greybus/es1.c patch | blob | blame | history

diff --git a/drivers/staging/greybus/es1.c b/drivers/staging/greybus/es1.c
index 7f7e2fdc094f9d7f8c4eb5c56de0efbd2f353ca4..f2c1cde9622136a8d8c6c6cf1d0e38a6c0b53971 100644 (file)
--- a/drivers/staging/greybus/es1.c
+++ b/drivers/staging/greybus/es1.c
@@ -454,14 +454,13 @@ static void cport_out_callback(struct urb *urb)
        free_urb(es1, urb);
 }
 
-static void apb1_log_get(struct es1_ap_dev *es1)
+#define APB1_LOG_MSG_SIZE      64
+static void apb1_log_get(struct es1_ap_dev *es1, char *buf)
 {
-       char buf[65];
        int retval;
 
        /* SVC messages go down our control pipe */
        do {
-               memset(buf, 0, 65);
                retval = usb_control_msg(es1->usb_dev,
                                        usb_rcvctrlpipe(es1->usb_dev,
                                                        es1->control_endpoint),
@@ -469,7 +468,7 @@ static void apb1_log_get(struct es1_ap_dev *es1)
                                        USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_INTERFACE,
                                        0x00, 0x00,
                                        buf,
-                                       64,
+                                       APB1_LOG_MSG_SIZE,
                                        ES1_TIMEOUT);
                if (retval > 0)
                        kfifo_in(&apb1_log_fifo, buf, retval);
@@ -478,10 +477,20 @@ static void apb1_log_get(struct es1_ap_dev *es1)
 
 static int apb1_log_poll(void *data)
 {
+       struct es1_ap_dev *es1 = data;
+       char *buf;
+
+       buf = kmalloc(APB1_LOG_MSG_SIZE, GFP_KERNEL);
+       if (!buf)
+               return -ENOMEM;
+
        while (!kthread_should_stop()) {
                msleep(1000);
-               apb1_log_get((struct es1_ap_dev *)data);
+               apb1_log_get(es1, buf);
        }
+
+       kfree(buf);
+
        return 0;
 }