tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

misc: rtsx_usb: use separate command and response buffers

rtsx_usb uses same buffer for command and response. There could
be a potential conflict using the same buffer for both especially
if retries and timeouts are involved.

Use separate command and response buffers to avoid conflicts.

Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/07e3721804ff07aaab9ef5b39a5691d0718b9ade.1656642167.git.skhan@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by Shuah Khan and committed by Greg Kroah-Hartman 3776c785 eb7f8e28

+17 -10
unified split
+17 -9
drivers/misc/cardreader/rtsx_usb.c
··· 631 632 ucr->pusb_dev = usb_dev; 633 634 - ucr->iobuf = kmalloc(IOBUF_SIZE, GFP_KERNEL); 635 - if (!ucr->iobuf) 636 return -ENOMEM; 637 638 usb_set_intfdata(intf, ucr); 639 640 ucr->vendor_id = id->idVendor; 641 ucr->product_id = id->idProduct; 642 - ucr->cmd_buf = ucr->rsp_buf = ucr->iobuf; 643 644 mutex_init(&ucr->dev_mutex); 645 ··· 670 671 out_init_fail: 672 usb_set_intfdata(ucr->pusb_intf, NULL); 673 - kfree(ucr->iobuf); 674 - ucr->iobuf = NULL; 675 - ucr->cmd_buf = ucr->rsp_buf = NULL; 676 return ret; 677 } 678 ··· 687 mfd_remove_devices(&intf->dev); 688 689 usb_set_intfdata(ucr->pusb_intf, NULL); 690 - kfree(ucr->iobuf); 691 - ucr->iobuf = NULL; 692 - ucr->cmd_buf = ucr->rsp_buf = NULL; 693 } 694 695 #ifdef CONFIG_PM
··· 631 632 ucr->pusb_dev = usb_dev; 633 634 + ucr->cmd_buf = kmalloc(IOBUF_SIZE, GFP_KERNEL); 635 + if (!ucr->cmd_buf) 636 return -ENOMEM; 637 + 638 + ucr->rsp_buf = kmalloc(IOBUF_SIZE, GFP_KERNEL); 639 + if (!ucr->rsp_buf) 640 + goto out_free_cmd_buf; 641 642 usb_set_intfdata(intf, ucr); 643 644 ucr->vendor_id = id->idVendor; 645 ucr->product_id = id->idProduct; 646 647 mutex_init(&ucr->dev_mutex); 648 ··· 667 668 out_init_fail: 669 usb_set_intfdata(ucr->pusb_intf, NULL); 670 + kfree(ucr->rsp_buf); 671 + ucr->rsp_buf = NULL; 672 + out_free_cmd_buf: 673 + kfree(ucr->cmd_buf); 674 + ucr->cmd_buf = NULL; 675 return ret; 676 } 677 ··· 682 mfd_remove_devices(&intf->dev); 683 684 usb_set_intfdata(ucr->pusb_intf, NULL); 685 + 686 + kfree(ucr->cmd_buf); 687 + ucr->cmd_buf = NULL; 688 + 689 + kfree(ucr->rsp_buf); 690 + ucr->rsp_buf = NULL; 691 } 692 693 #ifdef CONFIG_PM
-1
include/linux/rtsx_usb.h
··· 54 struct usb_device *pusb_dev; 55 struct usb_interface *pusb_intf; 56 struct usb_sg_request current_sg; 57 - unsigned char *iobuf; 58 59 struct timer_list sg_timer; 60 struct mutex dev_mutex;
··· 54 struct usb_device *pusb_dev; 55 struct usb_interface *pusb_intf; 56 struct usb_sg_request current_sg; 57 58 struct timer_list sg_timer; 59 struct mutex dev_mutex;