From: Oleksij Rempel <linux@rempel-privat.de>
Date: Thu, 18 Jul 2013 13:02:52 +0000 (+0200)
Subject: k2_fw_usb_api: add warning on oversized buffer.
X-Git-Tag: 1.4.0~11^2~8
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=78df7b491a39376a26e4144d80f69f7a28fb358f;hp=ffd97659858ed6e9bd252ed1baa2243d8a725dd6;p=open-ath9k-htc-firmware.git

k2_fw_usb_api: add warning on oversized buffer.

Currently i do not know how to fix this bug. It is reproducable on:
Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller (rev 04)
After module reload, first packet with data size over 64 Byte will brake EP4
buffer. Size register will show bigger value as existing size of buffer.
Last buffer part will be corrupt.

Signed-off-by: Oleksij Rempel <linux@rempel-privat.de>
---

diff --git a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
index b549108..b8adbf4 100755
--- a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
+++ b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
@@ -418,6 +418,10 @@ void vUsb_Reg_Out_patch(void)
 
     // get the size of this transcation
     usbfifolen = USB_BYTE_REG_READ(ZM_EP4_BYTE_COUNT_LOW_OFFSET);
+    if (usbfifolen > 0x40) {
+        A_PRINTF("EP4 FIFO Bug? Buffer is too big: %x\n", usbfifolen);
+        goto ERR;
+    }
 
     // check is command is new
     if( cmd_is_new ){