aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Brownell <david-b@pacbell.net>2007-05-25 23:40:14 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2007-06-08 19:24:30 -0400
commit01ee7d7032204b383b2fba73021e7acbc776184b (patch)
tree2a5681e94df6ee18287a962394e9e8565e27f5bc
parent97cb95d1c4b724bc3bedd16dd022fbd3c2d61283 (diff)
USB: usb gadgets avoid le{16,32}_to_cpup()
It turns out that le16_to_cpup() and le32_to_cpup() aren't always safe to call with pointers into packed structures, since those are inlined functions and GCC may lose the "packed" attribute. So those references can become unaligned kernel accesses, which are evil on some hardware. This patch updates uses of those routines in the gadget stack. The references into packed structures can just use leXX_to_cpu(*x), which in most cases is more natural. Some other uses in RNDIS, mostly in debug code, were wrong in the first place; those use get_unaligned(). Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--drivers/usb/gadget/epautoconf.c2
-rw-r--r--drivers/usb/gadget/inode.c8
-rw-r--r--drivers/usb/gadget/net2280.c6
-rw-r--r--drivers/usb/gadget/omap_udc.c6
-rw-r--r--drivers/usb/gadget/rndis.c35
5 files changed, 33 insertions, 24 deletions
diff --git a/drivers/usb/gadget/epautoconf.c b/drivers/usb/gadget/epautoconf.c
index f28af06905a5..6042364402b8 100644
--- a/drivers/usb/gadget/epautoconf.c
+++ b/drivers/usb/gadget/epautoconf.c
@@ -132,7 +132,7 @@ ep_matches (
132 * where it's an output parameter representing the full speed limit. 132 * where it's an output parameter representing the full speed limit.
133 * the usb spec fixes high speed bulk maxpacket at 512 bytes. 133 * the usb spec fixes high speed bulk maxpacket at 512 bytes.
134 */ 134 */
135 max = 0x7ff & le16_to_cpup (&desc->wMaxPacketSize); 135 max = 0x7ff & le16_to_cpu(desc->wMaxPacketSize);
136 switch (type) { 136 switch (type) {
137 case USB_ENDPOINT_XFER_INT: 137 case USB_ENDPOINT_XFER_INT:
138 /* INT: limit 64 bytes full speed, 1024 high speed */ 138 /* INT: limit 64 bytes full speed, 1024 high speed */
diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c
index 188c74a95216..46d0e5252744 100644
--- a/drivers/usb/gadget/inode.c
+++ b/drivers/usb/gadget/inode.c
@@ -1369,12 +1369,12 @@ config_buf (struct dev_data *dev, u8 type, unsigned index)
1369 hs = !hs; 1369 hs = !hs;
1370 if (hs) { 1370 if (hs) {
1371 dev->req->buf = dev->hs_config; 1371 dev->req->buf = dev->hs_config;
1372 len = le16_to_cpup (&dev->hs_config->wTotalLength); 1372 len = le16_to_cpu(dev->hs_config->wTotalLength);
1373 } else 1373 } else
1374#endif 1374#endif
1375 { 1375 {
1376 dev->req->buf = dev->config; 1376 dev->req->buf = dev->config;
1377 len = le16_to_cpup (&dev->config->wTotalLength); 1377 len = le16_to_cpu(dev->config->wTotalLength);
1378 } 1378 }
1379 ((u8 *)dev->req->buf) [1] = type; 1379 ((u8 *)dev->req->buf) [1] = type;
1380 return len; 1380 return len;
@@ -1885,7 +1885,7 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1885 1885
1886 /* full or low speed config */ 1886 /* full or low speed config */
1887 dev->config = (void *) kbuf; 1887 dev->config = (void *) kbuf;
1888 total = le16_to_cpup (&dev->config->wTotalLength); 1888 total = le16_to_cpu(dev->config->wTotalLength);
1889 if (!is_valid_config (dev->config) || total >= length) 1889 if (!is_valid_config (dev->config) || total >= length)
1890 goto fail; 1890 goto fail;
1891 kbuf += total; 1891 kbuf += total;
@@ -1894,7 +1894,7 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1894 /* optional high speed config */ 1894 /* optional high speed config */
1895 if (kbuf [1] == USB_DT_CONFIG) { 1895 if (kbuf [1] == USB_DT_CONFIG) {
1896 dev->hs_config = (void *) kbuf; 1896 dev->hs_config = (void *) kbuf;
1897 total = le16_to_cpup (&dev->hs_config->wTotalLength); 1897 total = le16_to_cpu(dev->hs_config->wTotalLength);
1898 if (!is_valid_config (dev->hs_config) || total >= length) 1898 if (!is_valid_config (dev->hs_config) || total >= length)
1899 goto fail; 1899 goto fail;
1900 kbuf += total; 1900 kbuf += total;
diff --git a/drivers/usb/gadget/net2280.c b/drivers/usb/gadget/net2280.c
index 52779c52b56d..d975ecf18e00 100644
--- a/drivers/usb/gadget/net2280.c
+++ b/drivers/usb/gadget/net2280.c
@@ -2440,9 +2440,9 @@ static void handle_stat0_irqs (struct net2280 *dev, u32 stat)
2440 2440
2441 tmp = 0; 2441 tmp = 0;
2442 2442
2443#define w_value le16_to_cpup (&u.r.wValue) 2443#define w_value le16_to_cpu(u.r.wValue)
2444#define w_index le16_to_cpup (&u.r.wIndex) 2444#define w_index le16_to_cpu(u.r.wIndex)
2445#define w_length le16_to_cpup (&u.r.wLength) 2445#define w_length le16_to_cpu(u.r.wLength)
2446 2446
2447 /* ack the irq */ 2447 /* ack the irq */
2448 writel (1 << SETUP_PACKET_INTERRUPT, &dev->regs->irqstat0); 2448 writel (1 << SETUP_PACKET_INTERRUPT, &dev->regs->irqstat0);
diff --git a/drivers/usb/gadget/omap_udc.c b/drivers/usb/gadget/omap_udc.c
index b394e63894d2..c4975a6cf777 100644
--- a/drivers/usb/gadget/omap_udc.c
+++ b/drivers/usb/gadget/omap_udc.c
@@ -1651,9 +1651,9 @@ static void ep0_irq(struct omap_udc *udc, u16 irq_src)
1651 UDC_EP_NUM_REG = 0; 1651 UDC_EP_NUM_REG = 0;
1652 } while (UDC_IRQ_SRC_REG & UDC_SETUP); 1652 } while (UDC_IRQ_SRC_REG & UDC_SETUP);
1653 1653
1654#define w_value le16_to_cpup (&u.r.wValue) 1654#define w_value le16_to_cpu(u.r.wValue)
1655#define w_index le16_to_cpup (&u.r.wIndex) 1655#define w_index le16_to_cpu(u.r.wIndex)
1656#define w_length le16_to_cpup (&u.r.wLength) 1656#define w_length le16_to_cpu(u.r.wLength)
1657 1657
1658 /* Delegate almost all control requests to the gadget driver, 1658 /* Delegate almost all control requests to the gadget driver,
1659 * except for a handful of ch9 status/feature requests that 1659 * except for a handful of ch9 status/feature requests that
diff --git a/drivers/usb/gadget/rndis.c b/drivers/usb/gadget/rndis.c
index 6ec8cf1a3ccb..708657c89132 100644
--- a/drivers/usb/gadget/rndis.c
+++ b/drivers/usb/gadget/rndis.c
@@ -186,10 +186,14 @@ gen_ndis_query_resp (int configNr, u32 OID, u8 *buf, unsigned buf_len,
186 DEBUG("query OID %08x value, len %d:\n", OID, buf_len); 186 DEBUG("query OID %08x value, len %d:\n", OID, buf_len);
187 for (i = 0; i < buf_len; i += 16) { 187 for (i = 0; i < buf_len; i += 16) {
188 DEBUG ("%03d: %08x %08x %08x %08x\n", i, 188 DEBUG ("%03d: %08x %08x %08x %08x\n", i,
189 le32_to_cpup((__le32 *)&buf[i]), 189 le32_to_cpu(get_unaligned((__le32 *)
190 le32_to_cpup((__le32 *)&buf[i + 4]), 190 &buf[i])),
191 le32_to_cpup((__le32 *)&buf[i + 8]), 191 le32_to_cpu(get_unaligned((__le32 *)
192 le32_to_cpup((__le32 *)&buf[i + 12])); 192 &buf[i + 4])),
193 le32_to_cpu(get_unaligned((__le32 *)
194 &buf[i + 8])),
195 le32_to_cpu(get_unaligned((__le32 *)
196 &buf[i + 12])));
193 } 197 }
194 } 198 }
195 199
@@ -665,7 +669,7 @@ gen_ndis_query_resp (int configNr, u32 OID, u8 *buf, unsigned buf_len,
665 break; 669 break;
666 case OID_PNP_QUERY_POWER: 670 case OID_PNP_QUERY_POWER:
667 DEBUG("%s: OID_PNP_QUERY_POWER D%d\n", __FUNCTION__, 671 DEBUG("%s: OID_PNP_QUERY_POWER D%d\n", __FUNCTION__,
668 le32_to_cpup((__le32 *) buf) - 1); 672 le32_to_cpu(get_unaligned((__le32 *)buf)) - 1);
669 /* only suspend is a real power state, and 673 /* only suspend is a real power state, and
670 * it can't be entered by OID_PNP_SET_POWER... 674 * it can't be entered by OID_PNP_SET_POWER...
671 */ 675 */
@@ -704,10 +708,14 @@ static int gen_ndis_set_resp (u8 configNr, u32 OID, u8 *buf, u32 buf_len,
704 DEBUG("set OID %08x value, len %d:\n", OID, buf_len); 708 DEBUG("set OID %08x value, len %d:\n", OID, buf_len);
705 for (i = 0; i < buf_len; i += 16) { 709 for (i = 0; i < buf_len; i += 16) {
706 DEBUG ("%03d: %08x %08x %08x %08x\n", i, 710 DEBUG ("%03d: %08x %08x %08x %08x\n", i,
707 le32_to_cpup((__le32 *)&buf[i]), 711 le32_to_cpu(get_unaligned((__le32 *)
708 le32_to_cpup((__le32 *)&buf[i + 4]), 712 &buf[i])),
709 le32_to_cpup((__le32 *)&buf[i + 8]), 713 le32_to_cpu(get_unaligned((__le32 *)
710 le32_to_cpup((__le32 *)&buf[i + 12])); 714 &buf[i + 4])),
715 le32_to_cpu(get_unaligned((__le32 *)
716 &buf[i + 8])),
717 le32_to_cpu(get_unaligned((__le32 *)
718 &buf[i + 12])));
711 } 719 }
712 } 720 }
713 721
@@ -721,7 +729,8 @@ static int gen_ndis_set_resp (u8 configNr, u32 OID, u8 *buf, u32 buf_len,
721 * PROMISCUOUS, DIRECTED, 729 * PROMISCUOUS, DIRECTED,
722 * MULTICAST, ALL_MULTICAST, BROADCAST 730 * MULTICAST, ALL_MULTICAST, BROADCAST
723 */ 731 */
724 *params->filter = (u16) le32_to_cpup((__le32 *)buf); 732 *params->filter = (u16) le32_to_cpu(get_unaligned(
733 (__le32 *)buf));
725 DEBUG("%s: OID_GEN_CURRENT_PACKET_FILTER %08x\n", 734 DEBUG("%s: OID_GEN_CURRENT_PACKET_FILTER %08x\n",
726 __FUNCTION__, *params->filter); 735 __FUNCTION__, *params->filter);
727 736
@@ -771,7 +780,7 @@ update_linkstate:
771 * resuming, Windows forces a reset, and then SET_POWER D0. 780 * resuming, Windows forces a reset, and then SET_POWER D0.
772 * FIXME ... then things go batty; Windows wedges itself. 781 * FIXME ... then things go batty; Windows wedges itself.
773 */ 782 */
774 i = le32_to_cpup((__force __le32 *)buf); 783 i = le32_to_cpu(get_unaligned((__le32 *)buf));
775 DEBUG("%s: OID_PNP_SET_POWER D%d\n", __FUNCTION__, i - 1); 784 DEBUG("%s: OID_PNP_SET_POWER D%d\n", __FUNCTION__, i - 1);
776 switch (i) { 785 switch (i) {
777 case NdisDeviceStateD0: 786 case NdisDeviceStateD0:
@@ -1058,8 +1067,8 @@ int rndis_msg_parser (u8 configNr, u8 *buf)
1058 return -ENOMEM; 1067 return -ENOMEM;
1059 1068
1060 tmp = (__le32 *) buf; 1069 tmp = (__le32 *) buf;
1061 MsgType = le32_to_cpup(tmp++); 1070 MsgType = le32_to_cpu(get_unaligned(tmp++));
1062 MsgLength = le32_to_cpup(tmp++); 1071 MsgLength = le32_to_cpu(get_unaligned(tmp++));
1063 1072
1064 if (configNr >= RNDIS_MAX_CONFIGS) 1073 if (configNr >= RNDIS_MAX_CONFIGS)
1065 return -ENOTSUPP; 1074 return -ENOTSUPP;