aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/usb/gadget/rndis.c
diff options
context:
space:
mode:
authorDavid Brownell <david-b@pacbell.net>2007-05-25 23:40:14 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2007-06-08 19:24:30 -0400
commit01ee7d7032204b383b2fba73021e7acbc776184b (patch)
tree2a5681e94df6ee18287a962394e9e8565e27f5bc /drivers/usb/gadget/rndis.c
parent97cb95d1c4b724bc3bedd16dd022fbd3c2d61283 (diff)
USB: usb gadgets avoid le{16,32}_to_cpup()
It turns out that le16_to_cpup() and le32_to_cpup() aren't always safe to call with pointers into packed structures, since those are inlined functions and GCC may lose the "packed" attribute. So those references can become unaligned kernel accesses, which are evil on some hardware. This patch updates uses of those routines in the gadget stack. The references into packed structures can just use leXX_to_cpu(*x), which in most cases is more natural. Some other uses in RNDIS, mostly in debug code, were wrong in the first place; those use get_unaligned(). Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/gadget/rndis.c')
-rw-r--r--drivers/usb/gadget/rndis.c35
1 files changed, 22 insertions, 13 deletions
diff --git a/drivers/usb/gadget/rndis.c b/drivers/usb/gadget/rndis.c
index 6ec8cf1a3ccb..708657c89132 100644
--- a/drivers/usb/gadget/rndis.c
+++ b/drivers/usb/gadget/rndis.c
@@ -186,10 +186,14 @@ gen_ndis_query_resp (int configNr, u32 OID, u8 *buf, unsigned buf_len,
186 DEBUG("query OID %08x value, len %d:\n", OID, buf_len); 186 DEBUG("query OID %08x value, len %d:\n", OID, buf_len);
187 for (i = 0; i < buf_len; i += 16) { 187 for (i = 0; i < buf_len; i += 16) {
188 DEBUG ("%03d: %08x %08x %08x %08x\n", i, 188 DEBUG ("%03d: %08x %08x %08x %08x\n", i,
189 le32_to_cpup((__le32 *)&buf[i]), 189 le32_to_cpu(get_unaligned((__le32 *)
190 le32_to_cpup((__le32 *)&buf[i + 4]), 190 &buf[i])),
191 le32_to_cpup((__le32 *)&buf[i + 8]), 191 le32_to_cpu(get_unaligned((__le32 *)
192 le32_to_cpup((__le32 *)&buf[i + 12])); 192 &buf[i + 4])),
193 le32_to_cpu(get_unaligned((__le32 *)
194 &buf[i + 8])),
195 le32_to_cpu(get_unaligned((__le32 *)
196 &buf[i + 12])));
193 } 197 }
194 } 198 }
195 199
@@ -665,7 +669,7 @@ gen_ndis_query_resp (int configNr, u32 OID, u8 *buf, unsigned buf_len,
665 break; 669 break;
666 case OID_PNP_QUERY_POWER: 670 case OID_PNP_QUERY_POWER:
667 DEBUG("%s: OID_PNP_QUERY_POWER D%d\n", __FUNCTION__, 671 DEBUG("%s: OID_PNP_QUERY_POWER D%d\n", __FUNCTION__,
668 le32_to_cpup((__le32 *) buf) - 1); 672 le32_to_cpu(get_unaligned((__le32 *)buf)) - 1);
669 /* only suspend is a real power state, and 673 /* only suspend is a real power state, and
670 * it can't be entered by OID_PNP_SET_POWER... 674 * it can't be entered by OID_PNP_SET_POWER...
671 */ 675 */
@@ -704,10 +708,14 @@ static int gen_ndis_set_resp (u8 configNr, u32 OID, u8 *buf, u32 buf_len,
704 DEBUG("set OID %08x value, len %d:\n", OID, buf_len); 708 DEBUG("set OID %08x value, len %d:\n", OID, buf_len);
705 for (i = 0; i < buf_len; i += 16) { 709 for (i = 0; i < buf_len; i += 16) {
706 DEBUG ("%03d: %08x %08x %08x %08x\n", i, 710 DEBUG ("%03d: %08x %08x %08x %08x\n", i,
707 le32_to_cpup((__le32 *)&buf[i]), 711 le32_to_cpu(get_unaligned((__le32 *)
708 le32_to_cpup((__le32 *)&buf[i + 4]), 712 &buf[i])),
709 le32_to_cpup((__le32 *)&buf[i + 8]), 713 le32_to_cpu(get_unaligned((__le32 *)
710 le32_to_cpup((__le32 *)&buf[i + 12])); 714 &buf[i + 4])),
715 le32_to_cpu(get_unaligned((__le32 *)
716 &buf[i + 8])),
717 le32_to_cpu(get_unaligned((__le32 *)
718 &buf[i + 12])));
711 } 719 }
712 } 720 }
713 721
@@ -721,7 +729,8 @@ static int gen_ndis_set_resp (u8 configNr, u32 OID, u8 *buf, u32 buf_len,
721 * PROMISCUOUS, DIRECTED, 729 * PROMISCUOUS, DIRECTED,
722 * MULTICAST, ALL_MULTICAST, BROADCAST 730 * MULTICAST, ALL_MULTICAST, BROADCAST
723 */ 731 */
724 *params->filter = (u16) le32_to_cpup((__le32 *)buf); 732 *params->filter = (u16) le32_to_cpu(get_unaligned(
733 (__le32 *)buf));
725 DEBUG("%s: OID_GEN_CURRENT_PACKET_FILTER %08x\n", 734 DEBUG("%s: OID_GEN_CURRENT_PACKET_FILTER %08x\n",
726 __FUNCTION__, *params->filter); 735 __FUNCTION__, *params->filter);
727 736
@@ -771,7 +780,7 @@ update_linkstate:
771 * resuming, Windows forces a reset, and then SET_POWER D0. 780 * resuming, Windows forces a reset, and then SET_POWER D0.
772 * FIXME ... then things go batty; Windows wedges itself. 781 * FIXME ... then things go batty; Windows wedges itself.
773 */ 782 */
774 i = le32_to_cpup((__force __le32 *)buf); 783 i = le32_to_cpu(get_unaligned((__le32 *)buf));
775 DEBUG("%s: OID_PNP_SET_POWER D%d\n", __FUNCTION__, i - 1); 784 DEBUG("%s: OID_PNP_SET_POWER D%d\n", __FUNCTION__, i - 1);
776 switch (i) { 785 switch (i) {
777 case NdisDeviceStateD0: 786 case NdisDeviceStateD0:
@@ -1058,8 +1067,8 @@ int rndis_msg_parser (u8 configNr, u8 *buf)
1058 return -ENOMEM; 1067 return -ENOMEM;
1059 1068
1060 tmp = (__le32 *) buf; 1069 tmp = (__le32 *) buf;
1061 MsgType = le32_to_cpup(tmp++); 1070 MsgType = le32_to_cpu(get_unaligned(tmp++));
1062 MsgLength = le32_to_cpup(tmp++); 1071 MsgLength = le32_to_cpu(get_unaligned(tmp++));
1063 1072
1064 if (configNr >= RNDIS_MAX_CONFIGS) 1073 if (configNr >= RNDIS_MAX_CONFIGS)
1065 return -ENOTSUPP; 1074 return -ENOTSUPP;