FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 03-24-2010, 03:21 PM
Markus Rechberger
 
Default USBFS Bugfix

Hi,

on IRC I was recommended to submit this information to the mailinglist

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544527

Here's a better solution. In theory we could copy just the individual
packets from within the transfer buffer, but that would probably take
longer than simply copying the whole buffer.

(This was a little hasty; I haven't even compile-tested the patch.
Some small fixes may be needed.)

Alan Stern


-----------------------------------------------------------------------
This patch fixes a bug in the way isochronous input data is returned
to userspace for usbfs transfers. The entire buffer must be copied,
not just the first actual_length bytes, because the individual packets
will be discontiguous if any of them are short.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: stable <stable@kernel.org>

---
Index: usb-2.6/drivers/usb/core/devio.c
================================================== =================
--- usb-2.6.orig/drivers/usb/core/devio.c
+++ usb-2.6/drivers/usb/core/devio.c
@@ -1176,6 +1176,13 @@ static int proc_do_submiturb(struct dev_
free_async(as);
return -ENOMEM;
}
+ /* Isochronous input data may end up being discontiguous
+ * if some of the packets are short. Clear the buffer so
+ * that the gaps don't leak kernel data to userspace.
+ */
+ if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
+ memset(as->urb->transfer_buffer, 0,
+ uurb->buffer_length);
}
as->urb->dev = ps->dev;
as->urb->pipe = (uurb->type << 30) |
@@ -1312,10 +1319,14 @@ static int processcompl(struct async *as
void __user *addr = as->userurb;
unsigned int i;

- if (as->userbuffer && urb->actual_length)
- if (copy_to_user(as->userbuffer, urb->transfer_buffer,
- urb->actual_length))
+ if (as->userbuffer && urb->actual_length) {
+ if (urb->number_of_packets > 0) /* Isochronous */
+ i = urb->transfer_buffer_length;
+ else /* Non-Isoc */
+ i = urb->actual_length;
+ if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
goto err_out;
+ }
if (put_user(as->status, &userurb->status))
goto err_out;
if (put_user(urb->actual_length, &userurb->actual_length))

It would be nice if this patch could go into the ubuntu lucid kernel
as soon as possible.

Thanks,
Markus

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-24-2010, 03:34 PM
Chase Douglas
 
Default USBFS Bugfix

Hi Markus,

On Wed, Mar 24, 2010 at 12:21 PM, Markus Rechberger
<mrechberger@gmail.com> wrote:
> Hi,
>
> on IRC I was recommended to submit this information to the mailinglist
>
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544527

The bug itself doesn't list much information. It basically says "usbfs
is broken." We need some proof of what is going wrong, preferably
something that can be tested when a fix is available.

> Here's a better solution. *In theory we could copy just the individual
> packets from within the transfer buffer, but that would probably take
> longer than simply copying the whole buffer.
>
> (This was a little hasty; I haven't even compile-tested the patch.
> Some small fixes may be needed.)

The general procedure for fixes to reach Ubuntu is to have them sent
upstream and be included in the mainline linux, and then to have the
fix read the -stable tree. We then pull patches from the -stable tree
for inclusion in Ubuntu.

If you can show that a specific patch has been found to fix an issue
in Ubuntu and it has been accepted upstream by the maintainers of the
kernel subsystem this impacts, we may be able to accept the patch as a
pre-stable fix, in anticipation that it will be accepted into the
-stable tree in the future.

What is the origin of this patch? Is it from upstream somewhere? A
commit hash from linux-2.6 or some other tree would be very helpful.

> Alan Stern
>
>
> -----------------------------------------------------------------------
> This patch fixes a bug in the way isochronous input data is returned
> to userspace for usbfs transfers. *The entire buffer must be copied,
> not just the first actual_length bytes, because the individual packets
> will be discontiguous if any of them are short.
>
> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
> CC: stable <stable@kernel.org>
>
> ---
> Index: usb-2.6/drivers/usb/core/devio.c
> ================================================== =================
> --- usb-2.6.orig/drivers/usb/core/devio.c
> +++ usb-2.6/drivers/usb/core/devio.c
> @@ -1176,6 +1176,13 @@ static int proc_do_submiturb(struct dev_
> * * * * * * * * * * * *free_async(as);
> * * * * * * * * * * * *return -ENOMEM;
> * * * * * * * *}
> + * * * * * * * /* Isochronous input data may end up being discontiguous
> + * * * * * * * ** if some of the packets are short. *Clear the buffer so
> + * * * * * * * ** that the gaps don't leak kernel data to userspace.
> + * * * * * * * **/
> + * * * * * * * if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
> + * * * * * * * * * * * memset(as->urb->transfer_buffer, 0,
> + * * * * * * * * * * * * * * * * * * * uurb->buffer_length);
> * * * *}
> * * * *as->urb->dev = ps->dev;
> * * * *as->urb->pipe = (uurb->type << 30) |
> @@ -1312,10 +1319,14 @@ static int processcompl(struct async *as
> * * * *void __user *addr = as->userurb;
> * * * *unsigned int i;
>
> - * * * if (as->userbuffer && urb->actual_length)
> - * * * * * * * if (copy_to_user(as->userbuffer, urb->transfer_buffer,
> - * * * * * * * * * * * * * * * *urb->actual_length))
> + * * * if (as->userbuffer && urb->actual_length) {
> + * * * * * * * if (urb->number_of_packets > 0) * * * * /* Isochronous */
> + * * * * * * * * * * * i = urb->transfer_buffer_length;
> + * * * * * * * else * * * * * * * * * * * * * * * * * */* Non-Isoc */
> + * * * * * * * * * * * i = urb->actual_length;
> + * * * * * * * if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
> * * * * * * * * * * * *goto err_out;
> + * * * }
> * * * *if (put_user(as->status, &userurb->status))
> * * * * * * * *goto err_out;
> * * * *if (put_user(urb->actual_length, &userurb->actual_length))
>
> It would be nice if this patch could go into the ubuntu lucid kernel
> as soon as possible.
>
> Thanks,
> Markus

-- Chase

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-24-2010, 03:39 PM
Markus Rechberger
 
Default USBFS Bugfix

On Wed, Mar 24, 2010 at 5:34 PM, Chase Douglas
<chase.douglas@canonical.com> wrote:
> Hi Markus,
>
> On Wed, Mar 24, 2010 at 12:21 PM, Markus Rechberger
> <mrechberger@gmail.com> wrote:
>> Hi,
>>
>> on IRC I was recommended to submit this information to the mailinglist
>>
>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544527
>
> The bug itself doesn't list much information. It basically says "usbfs
> is broken." We need some proof of what is going wrong, preferably
> something that can be tested when a fix is available.
>
>> Here's a better solution. *In theory we could copy just the individual
>> packets from within the transfer buffer, but that would probably take
>> longer than simply copying the whole buffer.
>>
>> (This was a little hasty; I haven't even compile-tested the patch.
>> Some small fixes may be needed.)
>
> The general procedure for fixes to reach Ubuntu is to have them sent
> upstream and be included in the mainline linux, and then to have the
> fix read the -stable tree. We then pull patches from the -stable tree
> for inclusion in Ubuntu.
>
> If you can show that a specific patch has been found to fix an issue
> in Ubuntu and it has been accepted upstream by the maintainers of the
> kernel subsystem this impacts, we may be able to accept the patch as a
> pre-stable fix, in anticipation that it will be accepted into the
> -stable tree in the future.
>
> What is the origin of this patch? Is it from upstream somewhere? A
> commit hash from linux-2.6 or some other tree would be very helpful.

Hi,

sorry I'm a little bit busy
the patch is already upstream but not in ubuntu right now I tested
Ubuntu Lucid yesterday
and it's affected by that bug

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7152b592593b9d48b33f8997b1d fd6df9143f7ec

Markus
>
>> Alan Stern
>>
>>
>> -----------------------------------------------------------------------
>> This patch fixes a bug in the way isochronous input data is returned
>> to userspace for usbfs transfers. *The entire buffer must be copied,
>> not just the first actual_length bytes, because the individual packets
>> will be discontiguous if any of them are short.
>>
>> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
>> CC: stable <stable@kernel.org>
>>
>> ---
>> Index: usb-2.6/drivers/usb/core/devio.c
>> ================================================== =================
>> --- usb-2.6.orig/drivers/usb/core/devio.c
>> +++ usb-2.6/drivers/usb/core/devio.c
>> @@ -1176,6 +1176,13 @@ static int proc_do_submiturb(struct dev_
>> * * * * * * * * * * * *free_async(as);
>> * * * * * * * * * * * *return -ENOMEM;
>> * * * * * * * *}
>> + * * * * * * * /* Isochronous input data may end up being discontiguous
>> + * * * * * * * ** if some of the packets are short. *Clear the buffer so
>> + * * * * * * * ** that the gaps don't leak kernel data to userspace.
>> + * * * * * * * **/
>> + * * * * * * * if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
>> + * * * * * * * * * * * memset(as->urb->transfer_buffer, 0,
>> + * * * * * * * * * * * * * * * * * * * uurb->buffer_length);
>> * * * *}
>> * * * *as->urb->dev = ps->dev;
>> * * * *as->urb->pipe = (uurb->type << 30) |
>> @@ -1312,10 +1319,14 @@ static int processcompl(struct async *as
>> * * * *void __user *addr = as->userurb;
>> * * * *unsigned int i;
>>
>> - * * * if (as->userbuffer && urb->actual_length)
>> - * * * * * * * if (copy_to_user(as->userbuffer, urb->transfer_buffer,
>> - * * * * * * * * * * * * * * * *urb->actual_length))
>> + * * * if (as->userbuffer && urb->actual_length) {
>> + * * * * * * * if (urb->number_of_packets > 0) * * * * /* Isochronous */
>> + * * * * * * * * * * * i = urb->transfer_buffer_length;
>> + * * * * * * * else * * * * * * * * * * * * * * * * * */* Non-Isoc */
>> + * * * * * * * * * * * i = urb->actual_length;
>> + * * * * * * * if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
>> * * * * * * * * * * * *goto err_out;
>> + * * * }
>> * * * *if (put_user(as->status, &userurb->status))
>> * * * * * * * *goto err_out;
>> * * * *if (put_user(urb->actual_length, &userurb->actual_length))
>>
>> It would be nice if this patch could go into the ubuntu lucid kernel
>> as soon as possible.
>>
>> Thanks,
>> Markus
>
> -- Chase
>

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-24-2010, 03:39 PM
Stefan Bader
 
Default USBFS Bugfix

Chase Douglas wrote:
> Hi Markus,
>
> On Wed, Mar 24, 2010 at 12:21 PM, Markus Rechberger
> <mrechberger@gmail.com> wrote:
>> Hi,
>>
>> on IRC I was recommended to submit this information to the mailinglist
>>
>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544527
>
> The bug itself doesn't list much information. It basically says "usbfs
> is broken." We need some proof of what is going wrong, preferably
> something that can be tested when a fix is available.
>
>> Here's a better solution. In theory we could copy just the individual
>> packets from within the transfer buffer, but that would probably take
>> longer than simply copying the whole buffer.
>>
>> (This was a little hasty; I haven't even compile-tested the patch.
>> Some small fixes may be needed.)
>
> The general procedure for fixes to reach Ubuntu is to have them sent
> upstream and be included in the mainline linux, and then to have the
> fix read the -stable tree. We then pull patches from the -stable tree
> for inclusion in Ubuntu.
>
> If you can show that a specific patch has been found to fix an issue
> in Ubuntu and it has been accepted upstream by the maintainers of the
> kernel subsystem this impacts, we may be able to accept the patch as a
> pre-stable fix, in anticipation that it will be accepted into the
> -stable tree in the future.
>
> What is the origin of this patch? Is it from upstream somewhere? A
> commit hash from linux-2.6 or some other tree would be very helpful.
>
>> Alan Stern
>>
>>
>> -----------------------------------------------------------------------
>> This patch fixes a bug in the way isochronous input data is returned
>> to userspace for usbfs transfers. The entire buffer must be copied,
>> not just the first actual_length bytes, because the individual packets
>> will be discontiguous if any of them are short.
>>
>> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
>> CC: stable <stable@kernel.org>
>>
>> ---
>> Index: usb-2.6/drivers/usb/core/devio.c
>> ================================================== =================
>> --- usb-2.6.orig/drivers/usb/core/devio.c
>> +++ usb-2.6/drivers/usb/core/devio.c
>> @@ -1176,6 +1176,13 @@ static int proc_do_submiturb(struct dev_
>> free_async(as);
>> return -ENOMEM;
>> }
>> + /* Isochronous input data may end up being discontiguous
>> + * if some of the packets are short. Clear the buffer so
>> + * that the gaps don't leak kernel data to userspace.
>> + */
>> + if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
>> + memset(as->urb->transfer_buffer, 0,
>> + uurb->buffer_length);
>> }
>> as->urb->dev = ps->dev;
>> as->urb->pipe = (uurb->type << 30) |
>> @@ -1312,10 +1319,14 @@ static int processcompl(struct async *as
>> void __user *addr = as->userurb;
>> unsigned int i;
>>
>> - if (as->userbuffer && urb->actual_length)
>> - if (copy_to_user(as->userbuffer, urb->transfer_buffer,
>> - urb->actual_length))
>> + if (as->userbuffer && urb->actual_length) {
>> + if (urb->number_of_packets > 0) /* Isochronous */
>> + i = urb->transfer_buffer_length;
>> + else /* Non-Isoc */
>> + i = urb->actual_length;
>> + if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
>> goto err_out;
>> + }
>> if (put_user(as->status, &userurb->status))
>> goto err_out;
>> if (put_user(urb->actual_length, &userurb->actual_length))
>>
>> It would be nice if this patch could go into the ubuntu lucid kernel
>> as soon as possible.
>>
>> Thanks,
>> Markus
>
> -- Chase
>
Well it seems to come from Alan Stern and be cc'ed to stable. So it should/would
come from there. But I have not seen it in the queue, yet. But it is in upstream:

commit 7152b592593b9d48b33f8997b1dfd6df9143f7ec
Author: Alan Stern <stern@rowland.harvard.edu>
Date: Sat Mar 6 15:04:03 2010 -0500

USB: fix usbfs regression


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-24-2010, 03:44 PM
Chase Douglas
 
Default USBFS Bugfix

On Wed, Mar 24, 2010 at 12:39 PM, Stefan Bader
<stefan.bader@canonical.com> wrote:
> Chase Douglas wrote:
>> Hi Markus,
>>
>> On Wed, Mar 24, 2010 at 12:21 PM, Markus Rechberger
>> <mrechberger@gmail.com> wrote:
>>> Hi,
>>>
>>> on IRC I was recommended to submit this information to the mailinglist
>>>
>>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544527
>>
>> The bug itself doesn't list much information. It basically says "usbfs
>> is broken." We need some proof of what is going wrong, preferably
>> something that can be tested when a fix is available.
>>
>>> Here's a better solution. *In theory we could copy just the individual
>>> packets from within the transfer buffer, but that would probably take
>>> longer than simply copying the whole buffer.
>>>
>>> (This was a little hasty; I haven't even compile-tested the patch.
>>> Some small fixes may be needed.)
>>
>> The general procedure for fixes to reach Ubuntu is to have them sent
>> upstream and be included in the mainline linux, and then to have the
>> fix read the -stable tree. We then pull patches from the -stable tree
>> for inclusion in Ubuntu.
>>
>> If you can show that a specific patch has been found to fix an issue
>> in Ubuntu and it has been accepted upstream by the maintainers of the
>> kernel subsystem this impacts, we may be able to accept the patch as a
>> pre-stable fix, in anticipation that it will be accepted into the
>> -stable tree in the future.
>>
>> What is the origin of this patch? Is it from upstream somewhere? A
>> commit hash from linux-2.6 or some other tree would be very helpful.
>>
>>> Alan Stern
>>>
>>>
>>> -----------------------------------------------------------------------
>>> This patch fixes a bug in the way isochronous input data is returned
>>> to userspace for usbfs transfers. *The entire buffer must be copied,
>>> not just the first actual_length bytes, because the individual packets
>>> will be discontiguous if any of them are short.
>>>
>>> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
>>> CC: stable <stable@kernel.org>
>>>
>>> ---
>>> Index: usb-2.6/drivers/usb/core/devio.c
>>> ================================================== =================
>>> --- usb-2.6.orig/drivers/usb/core/devio.c
>>> +++ usb-2.6/drivers/usb/core/devio.c
>>> @@ -1176,6 +1176,13 @@ static int proc_do_submiturb(struct dev_
>>> * * * * * * * * * * * *free_async(as);
>>> * * * * * * * * * * * *return -ENOMEM;
>>> * * * * * * * *}
>>> + * * * * * * * /* Isochronous input data may end up being discontiguous
>>> + * * * * * * * ** if some of the packets are short. *Clear the buffer so
>>> + * * * * * * * ** that the gaps don't leak kernel data to userspace.
>>> + * * * * * * * **/
>>> + * * * * * * * if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
>>> + * * * * * * * * * * * memset(as->urb->transfer_buffer, 0,
>>> + * * * * * * * * * * * * * * * * * * * uurb->buffer_length);
>>> * * * *}
>>> * * * *as->urb->dev = ps->dev;
>>> * * * *as->urb->pipe = (uurb->type << 30) |
>>> @@ -1312,10 +1319,14 @@ static int processcompl(struct async *as
>>> * * * *void __user *addr = as->userurb;
>>> * * * *unsigned int i;
>>>
>>> - * * * if (as->userbuffer && urb->actual_length)
>>> - * * * * * * * if (copy_to_user(as->userbuffer, urb->transfer_buffer,
>>> - * * * * * * * * * * * * * * * *urb->actual_length))
>>> + * * * if (as->userbuffer && urb->actual_length) {
>>> + * * * * * * * if (urb->number_of_packets > 0) * * * * /* Isochronous */
>>> + * * * * * * * * * * * i = urb->transfer_buffer_length;
>>> + * * * * * * * else * * * * * * * * * * * * * * * * * */* Non-Isoc */
>>> + * * * * * * * * * * * i = urb->actual_length;
>>> + * * * * * * * if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
>>> * * * * * * * * * * * *goto err_out;
>>> + * * * }
>>> * * * *if (put_user(as->status, &userurb->status))
>>> * * * * * * * *goto err_out;
>>> * * * *if (put_user(urb->actual_length, &userurb->actual_length))
>>>
>>> It would be nice if this patch could go into the ubuntu lucid kernel
>>> as soon as possible.
>>>
>>> Thanks,
>>> Markus
>>
>> -- Chase
>>
> Well it seems to come from Alan Stern and be cc'ed to stable. So it should/would
> come from there. But I have not seen it in the queue, yet. But it is in upstream:
>
> commit 7152b592593b9d48b33f8997b1dfd6df9143f7ec
> Author: Alan Stern <stern@rowland.harvard.edu>
> Date: * Sat Mar 6 15:04:03 2010 -0500
>
> * *USB: fix usbfs regression

Ahh, I didn't realize Alan is the maintainer of the code. I'll leave
it up to you, Stefan, to determine how to handle this.

-- Chase

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-29-2010, 01:41 PM
Stefan Bader
 
Default USBFS Bugfix

This is a multi-part message in MIME format.Chase Douglas wrote:
> On Wed, Mar 24, 2010 at 12:39 PM, Stefan Bader
> <stefan.bader@canonical.com> wrote:
>> Chase Douglas wrote:
>>> Hi Markus,
>>>
>>> On Wed, Mar 24, 2010 at 12:21 PM, Markus Rechberger
>>> <mrechberger@gmail.com> wrote:
>>>> Hi,
>>>>
>>>> on IRC I was recommended to submit this information to the mailinglist
>>>>
>>>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544527
>>> The bug itself doesn't list much information. It basically says "usbfs
>>> is broken." We need some proof of what is going wrong, preferably
>>> something that can be tested when a fix is available.
>>>
>>>> Here's a better solution. In theory we could copy just the individual
>>>> packets from within the transfer buffer, but that would probably take
>>>> longer than simply copying the whole buffer.
>>>>
>>>> (This was a little hasty; I haven't even compile-tested the patch.
>>>> Some small fixes may be needed.)
>>> The general procedure for fixes to reach Ubuntu is to have them sent
>>> upstream and be included in the mainline linux, and then to have the
>>> fix read the -stable tree. We then pull patches from the -stable tree
>>> for inclusion in Ubuntu.
>>>
>>> If you can show that a specific patch has been found to fix an issue
>>> in Ubuntu and it has been accepted upstream by the maintainers of the
>>> kernel subsystem this impacts, we may be able to accept the patch as a
>>> pre-stable fix, in anticipation that it will be accepted into the
>>> -stable tree in the future.
>>>
>>> What is the origin of this patch? Is it from upstream somewhere? A
>>> commit hash from linux-2.6 or some other tree would be very helpful.
>>>
>>>> Alan Stern
>>>>
>>>>
>>>> -----------------------------------------------------------------------
>>>> This patch fixes a bug in the way isochronous input data is returned
>>>> to userspace for usbfs transfers. The entire buffer must be copied,
>>>> not just the first actual_length bytes, because the individual packets
>>>> will be discontiguous if any of them are short.
>>>>
>>>> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
>>>> CC: stable <stable@kernel.org>
>>>>
>>>> ---
>>>> Index: usb-2.6/drivers/usb/core/devio.c
>>>> ================================================== =================
>>>> --- usb-2.6.orig/drivers/usb/core/devio.c
>>>> +++ usb-2.6/drivers/usb/core/devio.c
>>>> @@ -1176,6 +1176,13 @@ static int proc_do_submiturb(struct dev_
>>>> free_async(as);
>>>> return -ENOMEM;
>>>> }
>>>> + /* Isochronous input data may end up being discontiguous
>>>> + * if some of the packets are short. Clear the buffer so
>>>> + * that the gaps don't leak kernel data to userspace.
>>>> + */
>>>> + if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
>>>> + memset(as->urb->transfer_buffer, 0,
>>>> + uurb->buffer_length);
>>>> }
>>>> as->urb->dev = ps->dev;
>>>> as->urb->pipe = (uurb->type << 30) |
>>>> @@ -1312,10 +1319,14 @@ static int processcompl(struct async *as
>>>> void __user *addr = as->userurb;
>>>> unsigned int i;
>>>>
>>>> - if (as->userbuffer && urb->actual_length)
>>>> - if (copy_to_user(as->userbuffer, urb->transfer_buffer,
>>>> - urb->actual_length))
>>>> + if (as->userbuffer && urb->actual_length) {
>>>> + if (urb->number_of_packets > 0) /* Isochronous */
>>>> + i = urb->transfer_buffer_length;
>>>> + else /* Non-Isoc */
>>>> + i = urb->actual_length;
>>>> + if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
>>>> goto err_out;
>>>> + }
>>>> if (put_user(as->status, &userurb->status))
>>>> goto err_out;
>>>> if (put_user(urb->actual_length, &userurb->actual_length))
>>>>
>>>> It would be nice if this patch could go into the ubuntu lucid kernel
>>>> as soon as possible.
>>>>
>>>> Thanks,
>>>> Markus
>>> -- Chase
>>>
>> Well it seems to come from Alan Stern and be cc'ed to stable. So it should/would
>> come from there. But I have not seen it in the queue, yet. But it is in upstream:
>>
>> commit 7152b592593b9d48b33f8997b1dfd6df9143f7ec
>> Author: Alan Stern <stern@rowland.harvard.edu>
>> Date: Sat Mar 6 15:04:03 2010 -0500
>>
>> USB: fix usbfs regression
>
> Ahh, I didn't realize Alan is the maintainer of the code. I'll leave
> it up to you, Stefan, to determine how to handle this.
>
> -- Chase

As this patch is upstream and has been cc'ed to stable too, I would ACK to
cherry-pick the upstream patch (attached for simplicity)

Stefan
 
Old 03-29-2010, 02:29 PM
Stefan Bader
 
Default USBFS Bugfix

One addition:
It might be that we are talking about USB_DEVICEFS. And that is not active anymore.

Stefan

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-29-2010, 02:49 PM
Stefan Bader
 
Default USBFS Bugfix

Stefan Bader wrote:
> One addition:
> It might be that we are talking about USB_DEVICEFS. And that is not active anymore.
>
> Stefan
>
Ok, upon feedback from Markus, he does not need the usb filesystem being mounted.

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-30-2010, 04:55 PM
Andy Whitcroft
 
Default USBFS Bugfix

On Mon, Mar 29, 2010 at 03:41:18PM +0200, Stefan Bader wrote:

> As this patch is upstream and has been cc'ed to stable too, I would ACK to
> cherry-pick the upstream patch (attached for simplicity)
>
> Stefan

I concur:

Acked-by: Andy Whitcroft <apw@canonical.com>

> From 7152b592593b9d48b33f8997b1dfd6df9143f7ec Mon Sep 17 00:00:00 2001
> From: Alan Stern <stern@rowland.harvard.edu>
> Date: Sat, 6 Mar 2010 15:04:03 -0500
> Subject: [PATCH] USB: fix usbfs regression
>
> This patch (as1352) fixes a bug in the way isochronous input data is
> returned to userspace for usbfs transfers. The entire buffer must be
> copied, not just the first actual_length bytes, because the individual
> packets will be discontiguous if any of them are short.
>
> Reported-by: Markus Rechberger <mrechberger@gmail.com>
> Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
> CC: stable <stable@kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
> ---
> drivers/usb/core/devio.c | 17 ++++++++++++++---
> 1 files changed, 14 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> index e909ff7..3466fdc 100644
> --- a/drivers/usb/core/devio.c
> +++ b/drivers/usb/core/devio.c
> @@ -1207,6 +1207,13 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb,
> free_async(as);
> return -ENOMEM;
> }
> + /* Isochronous input data may end up being discontiguous
> + * if some of the packets are short. Clear the buffer so
> + * that the gaps don't leak kernel data to userspace.
> + */
> + if (is_in && uurb->type == USBDEVFS_URB_TYPE_ISO)
> + memset(as->urb->transfer_buffer, 0,
> + uurb->buffer_length);
> }
> as->urb->dev = ps->dev;
> as->urb->pipe = (uurb->type << 30) |
> @@ -1345,10 +1352,14 @@ static int processcompl(struct async *as, void __user * __user *arg)
> void __user *addr = as->userurb;
> unsigned int i;
>
> - if (as->userbuffer && urb->actual_length)
> - if (copy_to_user(as->userbuffer, urb->transfer_buffer,
> - urb->actual_length))
> + if (as->userbuffer && urb->actual_length) {
> + if (urb->number_of_packets > 0) /* Isochronous */
> + i = urb->transfer_buffer_length;
> + else /* Non-Isoc */
> + i = urb->actual_length;
> + if (copy_to_user(as->userbuffer, urb->transfer_buffer, i))
> goto err_out;
> + }
> if (put_user(as->status, &userurb->status))
> goto err_out;
> if (put_user(urb->actual_length, &userurb->actual_length))

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 03-30-2010, 04:55 PM
Andy Whitcroft
 
Default USBFS Bugfix

Applied to Lucid.

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 11:54 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org