From ed033bf1ff69361887b6a79cdf6131ed0931fbbc Mon Sep 17 00:00:00 2001 From: Jay Fenlason Date: Fri, 11 Dec 2009 14:23:58 -0500 Subject: [PATCH] firewire: ohci: handle receive packets with a data length of zero commit 8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 upstream. Queueing to receive an ISO packet with a payload length of zero silently does nothing in dualbuffer mode, and crashes the kernel in packet-per-buffer mode. Return an error in dualbuffer mode, because the DMA controller won't let us do what we want, and work correctly in packet-per-buffer mode. Signed-off-by: Jay Fenlason Signed-off-by: Stefan Richter Signed-off-by: Greg Kroah-Hartman --- drivers/firewire/ohci.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index 76b321bb73f9..e5827da92296 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c @@ -2180,6 +2180,13 @@ static int ohci_queue_iso_receive_dualbuffer(struct fw_iso_context *base, page = payload >> PAGE_SHIFT; offset = payload & ~PAGE_MASK; rest = p->payload_length; + /* + * The controllers I've tested have not worked correctly when + * second_req_count is zero. Rather than do something we know won't + * work, return an error + */ + if (rest == 0) + return -EINVAL; /* FIXME: make packet-per-buffer/dual-buffer a context option */ while (rest > 0) { @@ -2233,7 +2240,7 @@ static int ohci_queue_iso_receive_packet_per_buffer(struct fw_iso_context *base, unsigned long payload) { struct iso_context *ctx = container_of(base, struct iso_context, base); - struct descriptor *d = NULL, *pd = NULL; + struct descriptor *d, *pd; struct fw_iso_packet *p = packet; dma_addr_t d_bus, page_bus; u32 z, header_z, rest; @@ -2271,8 +2278,9 @@ static int ohci_queue_iso_receive_packet_per_buffer(struct fw_iso_context *base, d->data_address = cpu_to_le32(d_bus + (z * sizeof(*d))); rest = payload_per_buffer; + pd = d; for (j = 1; j < z; j++) { - pd = d + j; + pd++; pd->control = cpu_to_le16(DESCRIPTOR_STATUS | DESCRIPTOR_INPUT_MORE); -- 2.39.5