HID: hid-led: fix issue with transfer buffer not being dma capable

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The hid-led driver works fine under 4.8.0, however with the next
kernel from today I get this:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 2578 at drivers/usb/core/hcd.c:1584 usb_hcd_map_urb_for_dma+0x373/0x550 [usbcore]
transfer buffer not dma capable
Modules linked in: hid_led(+) usbhid vfat fat ir_sony_decoder iwlmvm led_class mac80211 snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal iwlwifi crc32c_intel snd_hda_codec_hdmi i2c_i801 i2c_smbus snd_hda_intel cfg80211 snd_hda_codec snd_hda_core snd_pcm r8169 snd_timer mei_me mii snd mei ir_lirc_codec lirc_dev nuvoton_cir rc_core btusb btintel bluetooth rfkill usb_storage efivarfs ipv6 ehci_pci ehci_hcd xhci_pci xhci_hcd usbcore usb_common ext4 jbd2 mbcache ahci libahci libata
CPU: 0 PID: 2578 Comm: systemd-udevd Not tainted 4.8.0-rc8-next-20161003 #1
Hardware name: ZOTAC ZBOX-CI321NANO/ZBOX-CI321NANO, BIOS B246P105 06/01/2015
ffffc90003dbb7e0 ffffffff81280425 ffffc90003dbb830 0000000000000000
ffffc90003dbb820 ffffffff8105b086 0000063003dbb800 ffff88006f374480
0000000000000000 0000000000000000 0000000000000001 ffff880079544000
Call Trace:
[<ffffffff81280425>] dump_stack+0x68/0x93
[<ffffffff8105b086>] __warn+0xc6/0xe0
[<ffffffff8105b0ea>] warn_slowpath_fmt+0x4a/0x50
[<ffffffffa0143a43>] usb_hcd_map_urb_for_dma+0x373/0x550 [usbcore]
[<ffffffffa01441b6>] usb_hcd_submit_urb+0x316/0x9c0 [usbcore]
[<ffffffff810bce80>] ? rcu_read_lock_sched_held+0x40/0x80
[<ffffffff810e0043>] ? module_assert_mutex_or_preempt+0x13/0x50
[<ffffffff810e0c07>] ? __module_address+0x27/0xf0
[<ffffffffa01456e4>] usb_submit_urb+0x2c4/0x520 [usbcore]
[<ffffffffa0145fea>] usb_start_wait_urb+0x5a/0xe0 [usbcore]
[<ffffffffa014612c>] usb_control_msg+0xbc/0xf0 [usbcore]
[<ffffffff810e0c07>] ? __module_address+0x27/0xf0
[<ffffffffa079a724>] usbhid_raw_request+0xa4/0x180 [usbhid]
[<ffffffffa07a93b1>] hidled_recv+0x71/0xe0 [hid_led]
[<ffffffffa07a947d>] thingm_init+0x2d/0x50 [hid_led]
[<ffffffffa07a969b>] hidled_probe+0xcb/0x24a [hid_led]
[<ffffffff814d96f2>] hid_device_probe+0xd2/0x150
[<ffffffff8146023d>] driver_probe_device+0x1fd/0x2c0
[<ffffffff8146039a>] __driver_attach+0x9a/0xa0
[<ffffffff81460300>] ? driver_probe_device+0x2c0/0x2c0
[<ffffffff8145e25d>] bus_for_each_dev+0x5d/0x90
[<ffffffff8145fa79>] driver_attach+0x19/0x20
[<ffffffff8145f5ff>] bus_add_driver+0x11f/0x220
[<ffffffffa07ac000>] ? 0xffffffffa07ac000
[<ffffffff8146086b>] driver_register+0x5b/0xd0
[<ffffffffa07ac000>] ? 0xffffffffa07ac000
[<ffffffff814d83d1>] __hid_register_driver+0x61/0xa0
[<ffffffffa07ac01e>] hidled_driver_init+0x1e/0x20 [hid_led]
[<ffffffff81000408>] do_one_initcall+0x38/0x150
[<ffffffff810bce80>] ? rcu_read_lock_sched_held+0x40/0x80
[<ffffffff81194ca0>] ? kmem_cache_alloc_trace+0x1d0/0x230
[<ffffffff811342f9>] do_init_module+0x5a/0x1cb
[<ffffffff810e3862>] load_module+0x1e42/0x2530
[<ffffffff810e0990>] ? __symbol_put+0x50/0x50
[<ffffffff810dfc50>] ? show_coresize+0x30/0x30
[<ffffffff811ad650>] ? kernel_read_file+0x100/0x190
[<ffffffff811ad794>] ? kernel_read_file_from_fd+0x44/0x70
[<ffffffff810e415a>] SYSC_finit_module+0xba/0xc0
[<ffffffff810e4179>] SyS_finit_module+0x9/0x10
[<ffffffff815e082a>] entry_SYSCALL_64_fastpath+0x18/0xad
---[ end trace c9e6ea27003ecf9e ]---

Fix this by using a kmalloc'ed buffer when calling hid_hw_raw_request.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

authored by

Heiner Kallweit and committed by

Jiri Kosina 9 years ago 3d1355b3 bc75450c

+19 -4

1 changed file

expand all

drivers

hid

hid-led.c

+19 -4

drivers/hid/hid-led.c

··· 100 100 const struct hidled_config *config; 101 101 struct hid_device *hdev; 102 102 struct hidled_rgb *rgb; 103 + u8 *buf; 103 104 struct mutex lock; 104 105 }; 105 106 ··· 119 118 120 119 mutex_lock(&ldev->lock); 121 120 121 + /* 122 + * buffer provided to hid_hw_raw_request must not be on the stack 123 + * and must not be part of a data structure 124 + */ 125 + memcpy(ldev->buf, buf, ldev->config->report_size); 126 + 122 127 if (ldev->config->report_type == RAW_REQUEST) 123 - ret = hid_hw_raw_request(ldev->hdev, buf[0], buf, 128 + ret = hid_hw_raw_request(ldev->hdev, buf[0], ldev->buf, 124 129 ldev->config->report_size, 125 130 HID_FEATURE_REPORT, 126 131 HID_REQ_SET_REPORT); 127 132 else if (ldev->config->report_type == OUTPUT_REPORT) 128 - ret = hid_hw_output_report(ldev->hdev, buf, 133 + ret = hid_hw_output_report(ldev->hdev, ldev->buf, 129 134 ldev->config->report_size); 130 135 else 131 136 ret = -EINVAL; ··· 154 147 155 148 mutex_lock(&ldev->lock); 156 149 157 - ret = hid_hw_raw_request(ldev->hdev, buf[0], buf, 150 + memcpy(ldev->buf, buf, ldev->config->report_size); 151 + 152 + ret = hid_hw_raw_request(ldev->hdev, buf[0], ldev->buf, 158 153 ldev->config->report_size, 159 154 HID_FEATURE_REPORT, 160 155 HID_REQ_SET_REPORT); 161 156 if (ret < 0) 162 157 goto err; 163 158 164 - ret = hid_hw_raw_request(ldev->hdev, buf[0], buf, 159 + ret = hid_hw_raw_request(ldev->hdev, buf[0], ldev->buf, 165 160 ldev->config->report_size, 166 161 HID_FEATURE_REPORT, 167 162 HID_REQ_GET_REPORT); 163 + 164 + memcpy(buf, ldev->buf, ldev->config->report_size); 168 165 err: 169 166 mutex_unlock(&ldev->lock); 170 167 ··· 456 445 457 446 ldev = devm_kzalloc(&hdev->dev, sizeof(*ldev), GFP_KERNEL); 458 447 if (!ldev) 448 + return -ENOMEM; 449 + 450 + ldev->buf = devm_kmalloc(&hdev->dev, MAX_REPORT_SIZE, GFP_KERNEL); 451 + if (!ldev->buf) 459 452 return -ENOMEM; 460 453 461 454 ret = hid_parse(hdev);