| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Sep 2015 15:47:56 +0100
From: Felipe Tonello <eu@...ipetonello.com>
To: Alan Stern <stern@...land.harvard.edu>
Cc: Peter Chen <peter.chen@...escale.com>,
USB list <linux-usb@...r.kernel.org>,
Kernel development list <linux-kernel@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Felipe Balbi <balbi@...com>,
Andrzej Pietrasiewicz <andrzej.p@...sung.com>
Subject: Re: [PATCH 2/3] usb: gadget: f_midi: free usb request when done
Hi Alan,
On Wed, Sep 23, 2015 at 3:30 PM, Alan Stern <stern@...land.harvard.edu> wrote:
> On Wed, 23 Sep 2015, Felipe Tonello wrote:
>
>> Hi Peter,
>>
>> On Wed, Sep 23, 2015 at 4:10 AM, Peter Chen <peter.chen@...escale.com> wrote:
>> > On Tue, Sep 22, 2015 at 07:59:09PM +0100, Felipe F. Tonello wrote:
>> >> req->actual == req->length means that there is no data left to enqueue,
>> >> so free the request.
>> >>
>> >> Signed-off-by: Felipe F. Tonello <eu@...ipetonello.com>
>> >> ---
>> >> drivers/usb/gadget/function/f_midi.c | 5 ++++-
>> >> 1 file changed, 4 insertions(+), 1 deletion(-)
>> >>
>> >> diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c
>> >> index edb84ca..e92aff5 100644
>> >> --- a/drivers/usb/gadget/function/f_midi.c
>> >> +++ b/drivers/usb/gadget/function/f_midi.c
>> >> @@ -258,7 +258,10 @@ f_midi_complete(struct usb_ep *ep, struct usb_request *req)
>> >> } else if (ep == midi->in_ep) {
>> >> /* Our transmit completed. See if there's more to go.
>> >> * f_midi_transmit eats req, don't queue it again. */
>> >> - f_midi_transmit(midi, req);
>> >> + if (req->actual < req->length)
>> >> + f_midi_transmit(midi, req);
>> >> + else
>> >> + free_ep_req(ep, req);
>> >> return;
>> >> }
>> >
>> > It is incorrect, if no reqeust in queue, how device knows when
>> > the host sends data?
>>
>> This is the complete function of the IN endpoint.
>>
>> Actually I believe the proper patch is to enqueue this request again
>> if req->actual < req->length is true. Because the data is still there,
>> just not fully completed. Asking to transmit the request again will
>> cause to read new data from ALSA MIDI module, which it can possibly
>> steal data from a real ALSA request from f_midi_in_trigger. If that
>> doesn't happen (req->length == 0), the request will be freed anyway.
>>
>> Any thoughts?
>
> Please pardon me for jumping in in the middle of a conversation. I
> know practically zero about f_midi. But nevertheless...
>
> How can you ever have req->actual < req->length for a usb_request on an
> IN endpoint? The only way that can happen is if some sort of error or
> exceptional event occurred, for example, if the transfer was cancelled
> before it could run to completion. In such cases I doubt that you
> really want to retransmit the data. Particularly since part of it
> probably was received by the host -- do you really want to send that
> part of the data a second time?
That is a fair point.
IMO we should always free the request upon a completion. Never
retransmit, since ALSA trigger will do that anyway.
Felipe
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists