Commit Graph

7 Commits

Author SHA1 Message Date
Greg Kroah-Hartman
dbafc28955 NFC: pn533: don't send USB data off of the stack
It's amazing that this driver ever worked, but now that x86 doesn't
allow USB data to be sent off of the stack, it really does not work at
all.  Fix this up by properly allocating the data for the small
"commands" that get sent to the device off of the stack.

We do this for one command by having a whole urb just for ack messages,
as they can be submitted in interrupt context, so we can not use
usb_bulk_msg().  But the poweron command can sleep (and does), so use
usb_bulk_msg() for that transfer.

Reported-by: Carlos Manuel Santos <cmmpsantos@gmail.com>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-31 12:43:14 +02:00
Johannes Berg
59ae1d127a networking: introduce and use skb_put_data()
A common pattern with skb_put() is to just want to memcpy()
some data into the new space, introduce skb_put_data() for
this.

An spatch similar to the one for skb_put_zero() converts many
of the places using it:

    @@
    identifier p, p2;
    expression len, skb, data;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, len);
    |
    -memcpy(p, data, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb, data;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, sizeof(*p));
    |
    -memcpy(p, data, sizeof(*p));
    )

    @@
    expression skb, len, data;
    @@
    -memcpy(skb_put(skb, len), data, len);
    +skb_put_data(skb, data, len);

(again, manually post-processed to retain some comments)

Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 11:48:37 -04:00
Michał Mirosław
8b55d7581f NFC: pn533: use constant off-stack buffer for sending acks
fix for WARN:

usb 3-2.4.1: NFC: Exchanging data failed (error 0x13)
llcp: nfc_llcp_recv: err -5
llcp: nfc_llcp_symm_timer: SYMM timeout
------------[ cut here ]------------
WARNING: CPU: 1 PID: 26397 at .../drivers/usb/core/hcd.c:1584 usb_hcd_map_urb_for_dma+0x370/0x550
transfer buffer not dma capable
[...]
Workqueue: events nfc_llcp_timeout_work [nfc]
Call Trace:
 ? dump_stack+0x46/0x5a
 ? __warn+0xb9/0xe0
 ? warn_slowpath_fmt+0x5a/0x80
 ? usb_hcd_map_urb_for_dma+0x370/0x550
 ? usb_hcd_submit_urb+0x2fb/0xa60
 ? dequeue_entity+0x3f2/0xc30
 ? pn533_usb_send_ack+0x5d/0x80 [pn533_usb]
 ? pn533_usb_abort_cmd+0x13/0x20 [pn533_usb]
 ? pn533_dep_link_down+0x32/0x70 [pn533]
 ? nfc_dep_link_down+0x87/0xd0 [nfc]
[...]
usb 3-2.4.1: NFC: Exchanging data failed (error 0x13)
llcp: nfc_llcp_recv: err -5
llcp: nfc_llcp_symm_timer: SYMM timeout

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-17 00:33:31 +02:00
Andrey Rusalin
32ecc75ded NFC: pn533: change order operations in dev registation
Sometimes during probing and registration of pn533_i2c
NULL pointer dereference happens.
Reproduced in cycle of inserting and removing pn533_i2c
and pn533 modules.

Backtrace:
[<8004205c>] (__queue_work) from [<80042324>] (queue_work_on+0x50/0x5c)
r10:acdc7c80 r9:8006b330 r8:ac0dfb40 r7:ac50c600 r6:00000004 r5:acbbee40 r4:600f0113
[<800422d4>] (queue_work_on) from [<7f7d5b6c>] (pn533_recv_frame+0x158/0x1fc [pn533])
r7:ffffff87 r6:00000000 r5:acbbee40 r4:acbbee00
[<7f7d5a14>] (pn533_recv_frame [pn533]) from [<7f7df4b8>] (pn533_i2c_irq_thread_fn+0x184/0x)
r6:acb2a000 r5:00000000 r4:acdc7b90
[<7f7df334>] (pn533_i2c_irq_thread_fn [pn533_i2c]) from [<8006b354>] (irq_thread_fn+0x24/0x)
r7:00000000 r6:accde000 r5:ac0dfb40 r4:acdc7c80
...

Seems there is some race condition due registration of
irq handler until all data stuctures that could be needed
are ready. So I re-ordered some ops. After this, problem has gone.

Changes in USB part was not tested, but it should not break
anything.

Signed-off-by: Andrey Rusalin <arusalin@dev.rtsoft.ru>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-02 01:06:23 +02:00
Dan Carpenter
6d2f70cae4 NFC: pn533: double free on error in probe()
We can't pass devm_ allocated pointers to kfree() because they will be
freed again after the drive is unloaded.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-04 12:15:00 +02:00
Michael Thalmeier
b16931b13c NFC: pn533: fix order of initialization
Correctly call nfc_set_parent_dev before nfc_register_device.
Otherwise the driver will OOPS when being removed.

Signed-off-by: Michael Thalmeier <michael.thalmeier@hale.at>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-05-09 23:59:18 +02:00
Michael Thalmeier
9815c7cf22 NFC: pn533: Separate physical layer from the core implementation
The driver now has all core stuff isolated in one file, and all
the hardware link specifics in another. Writing a pn533 driver
on top of another hardware link is now just a matter of adding a
new file for that new hardware specifics.

The first user of this separation will be the i2c based pn532
driver that reuses pn533 core implementation on top of an i2c
layer.

Signed-off-by: Michael Thalmeier <michael.thalmeier@hale.at>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-04-09 23:53:15 +02:00