On Wed, 02 Sep 2020 13:01:09 +0200,
Greg Kroah-Hartman wrote:
>
> The usb_control_msg_send() and usb_control_msg_recv() calls can return
> an error if a "short" write/read happens, so move the driver over to
> using those calls instead, saving some logic in the wrapper functions
> that were being used in this driver.
>
> This also resolves a long-staging bug where data on the stack was being
> sent in a USB control message, which was not allowed.
>
> Cc: Jaroslav Kysela <perex@xxxxxxxx>
> Cc: Takashi Iwai <tiwai@xxxxxxxx>
> Cc: alsa-devel@xxxxxxxxxxxxxxxx
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Reviewed-by: Takashi Iwai <tiwai@xxxxxxx>
thanks,
Takashi
> ---
> sound/usb/6fire/firmware.c | 38 +++++++++++++-------------------------
> 1 file changed, 13 insertions(+), 25 deletions(-)
>
> diff --git a/sound/usb/6fire/firmware.c b/sound/usb/6fire/firmware.c
> index 69137c14d0dc..5b8994070c96 100644
> --- a/sound/usb/6fire/firmware.c
> +++ b/sound/usb/6fire/firmware.c
> @@ -158,29 +158,17 @@ static int usb6fire_fw_ihex_init(const struct firmware *fw,
> static int usb6fire_fw_ezusb_write(struct usb_device *device,
> int type, int value, char *data, int len)
> {
> - int ret;
> -
> - ret = usb_control_msg(device, usb_sndctrlpipe(device, 0), type,
> - USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
> - value, 0, data, len, HZ);
> - if (ret < 0)
> - return ret;
> - else if (ret != len)
> - return -EIO;
> - return 0;
> + return usb_control_msg_send(device, 0, type,
> + USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
> + value, 0, data, len, HZ);
> }
>
> static int usb6fire_fw_ezusb_read(struct usb_device *device,
> int type, int value, char *data, int len)
> {
> - int ret = usb_control_msg(device, usb_rcvctrlpipe(device, 0), type,
> - USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, value,
> - 0, data, len, HZ);
> - if (ret < 0)
> - return ret;
> - else if (ret != len)
> - return -EIO;
> - return 0;
> + return usb_control_msg_recv(device, 0, type,
> + USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
> + value, 0, data, len, HZ);
> }
>
> static int usb6fire_fw_fpga_write(struct usb_device *device,
> @@ -230,7 +218,7 @@ static int usb6fire_fw_ezusb_upload(
> /* upload firmware image */
> data = 0x01; /* stop ezusb cpu */
> ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1);
> - if (ret < 0) {
> + if (ret) {
> kfree(rec);
> release_firmware(fw);
> dev_err(&intf->dev,
> @@ -242,7 +230,7 @@ static int usb6fire_fw_ezusb_upload(
> while (usb6fire_fw_ihex_next_record(rec)) { /* write firmware */
> ret = usb6fire_fw_ezusb_write(device, 0xa0, rec->address,
> rec->data, rec->len);
> - if (ret < 0) {
> + if (ret) {
> kfree(rec);
> release_firmware(fw);
> dev_err(&intf->dev,
> @@ -257,7 +245,7 @@ static int usb6fire_fw_ezusb_upload(
> if (postdata) { /* write data after firmware has been uploaded */
> ret = usb6fire_fw_ezusb_write(device, 0xa0, postaddr,
> postdata, postlen);
> - if (ret < 0) {
> + if (ret) {
> dev_err(&intf->dev,
> "unable to upload ezusb firmware %s: post urb.\n",
> fwname);
> @@ -267,7 +255,7 @@ static int usb6fire_fw_ezusb_upload(
>
> data = 0x00; /* resume ezusb cpu */
> ret = usb6fire_fw_ezusb_write(device, 0xa0, 0xe600, &data, 1);
> - if (ret < 0) {
> + if (ret) {
> dev_err(&intf->dev,
> "unable to upload ezusb firmware %s: end message.\n",
> fwname);
> @@ -302,7 +290,7 @@ static int usb6fire_fw_fpga_upload(
> end = fw->data + fw->size;
>
> ret = usb6fire_fw_ezusb_write(device, 8, 0, NULL, 0);
> - if (ret < 0) {
> + if (ret) {
> kfree(buffer);
> release_firmware(fw);
> dev_err(&intf->dev,
> @@ -327,7 +315,7 @@ static int usb6fire_fw_fpga_upload(
> kfree(buffer);
>
> ret = usb6fire_fw_ezusb_write(device, 9, 0, NULL, 0);
> - if (ret < 0) {
> + if (ret) {
> dev_err(&intf->dev,
> "unable to upload fpga firmware: end urb.\n");
> return ret;
> @@ -363,7 +351,7 @@ int usb6fire_fw_init(struct usb_interface *intf)
> u8 buffer[12];
>
> ret = usb6fire_fw_ezusb_read(device, 1, 0, buffer, 8);
> - if (ret < 0) {
> + if (ret) {
> dev_err(&intf->dev,
> "unable to receive device firmware state.\n");
> return ret;
> --
> 2.28.0
>
