projects / platform / kernel / linux-amlogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6332fb8)
USB: serial: iuu_phoenix: fix led-activity helpers
authorJohan Hovold <johan@kernel.org>
Thu, 16 Jul 2020 08:50:55 +0000 (10:50 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 21 Aug 2020 09:02:02 +0000 (11:02 +0200)
[ Upstream commit de37458f8c2bfc465500a1dd0d15dbe96d2a698c ]

The set-led command is eight bytes long and starts with a command byte
followed by six bytes of RGB data and ends with a byte encoding a
frequency (see iuu_led() and iuu_rgbf_fill_buffer()).

The led activity helpers had a few long-standing bugs which corrupted
the command packets by inserting a second command byte and thereby
offsetting the RGB data and dropping the frequency in non-xmas mode.

In xmas mode, a related off-by-one error left the frequency field
uninitialised.

Fixes: 60a8fc017103 ("USB: add iuu_phoenix driver")
Reported-by: George Spelvin <lkml@sdf.org>
Link: https://lore.kernel.org/r/20200716085056.31471-1-johan@kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/usb/serial/iuu_phoenix.c patch | blob | history

diff --git a/drivers/usb/serial/iuu_phoenix.c b/drivers/usb/serial/iuu_phoenix.c
index d6ac1f472b779424a97bc2fb4c9b74dec247d10d..bdeb2b2489549f8446e7d3c1429abf04781769fa 100644 (file)
--- a/drivers/usb/serial/iuu_phoenix.c
+++ b/drivers/usb/serial/iuu_phoenix.c
@@ -369,10 +369,11 @@ static void iuu_led_activity_on(struct urb *urb)
        struct usb_serial_port *port = urb->context;
        int result;
        char *buf_ptr = port->write_urb->transfer_buffer;
-       *buf_ptr++ = IUU_SET_LED;
+
        if (xmas) {
-               get_random_bytes(buf_ptr, 6);
-               *(buf_ptr+7) = 1;
+               buf_ptr[0] = IUU_SET_LED;
+               get_random_bytes(buf_ptr + 1, 6);
+               buf_ptr[7] = 1;
        } else {
                iuu_rgbf_fill_buffer(buf_ptr, 255, 255, 0, 0, 0, 0, 255);
        }
@@ -390,13 +391,14 @@ static void iuu_led_activity_off(struct urb *urb)
        struct usb_serial_port *port = urb->context;
        int result;
        char *buf_ptr = port->write_urb->transfer_buffer;
+
        if (xmas) {
                iuu_rxcmd(urb);
                return;
-       } else {
-               *buf_ptr++ = IUU_SET_LED;
-               iuu_rgbf_fill_buffer(buf_ptr, 0, 0, 255, 255, 0, 0, 255);
        }
+
+       iuu_rgbf_fill_buffer(buf_ptr, 0, 0, 255, 255, 0, 0, 255);
+
        usb_fill_bulk_urb(port->write_urb, port->serial->dev,
                          usb_sndbulkpipe(port->serial->dev,
                                          port->bulk_out_endpointAddress),
Domain: System / Kernel;