lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 23 Sep 2015 12:47:47 +0100
From:	Felipe Tonello <eu@...ipetonello.com>
To:	Peter Chen <peter.chen@...escale.com>
Cc:	USB list <linux-usb@...r.kernel.org>,
	Kernel development list <linux-kernel@...r.kernel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Felipe Balbi <balbi@...com>,
	Andrzej Pietrasiewicz <andrzej.p@...sung.com>
Subject: Re: [PATCH 2/3] usb: gadget: f_midi: free usb request when done

Hi Peter,

On Wed, Sep 23, 2015 at 4:10 AM, Peter Chen <peter.chen@...escale.com> wrote:
> On Tue, Sep 22, 2015 at 07:59:09PM +0100, Felipe F. Tonello wrote:
>> req->actual == req->length means that there is no data left to enqueue,
>> so free the request.
>>
>> Signed-off-by: Felipe F. Tonello <eu@...ipetonello.com>
>> ---
>>  drivers/usb/gadget/function/f_midi.c | 5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c
>> index edb84ca..e92aff5 100644
>> --- a/drivers/usb/gadget/function/f_midi.c
>> +++ b/drivers/usb/gadget/function/f_midi.c
>> @@ -258,7 +258,10 @@ f_midi_complete(struct usb_ep *ep, struct usb_request *req)
>>               } else if (ep == midi->in_ep) {
>>                       /* Our transmit completed. See if there's more to go.
>>                        * f_midi_transmit eats req, don't queue it again. */
>> -                     f_midi_transmit(midi, req);
>> +                     if (req->actual < req->length)
>> +                             f_midi_transmit(midi, req);
>> +                     else
>> +                             free_ep_req(ep, req);
>>                       return;
>>               }
>
> It is incorrect, if no reqeust in queue, how device knows when
> the host sends data?

This is the complete function of the IN endpoint.

Actually I believe the proper patch is to enqueue this request again
if req->actual < req->length is true. Because the data is still there,
just not fully completed. Asking to transmit the request again will
cause to read new data from ALSA MIDI module, which it can possibly
steal data from a real ALSA request from f_midi_in_trigger. If that
doesn't happen (req->length == 0), the request will be freed anyway.

Any thoughts?

Felipe
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ