diff mbox

[3.19.y-ckt,004/130] HID: cp2112: fix to force single data-report reply

Message ID 1440713521-5906-5-git-send-email-kamal@canonical.com
State New
Headers show

Commit Message

Kamal Mostafa Aug. 27, 2015, 10:09 p.m. UTC 
3.19.8-ckt6 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Antonio Borneo <borneo.antonio@gmail.com>

commit 6debce6f4e787a8eb4cec94e7afa85fb4f40db27 upstream.

Current implementation of cp2112_raw_event() only accepts one data report at a
time. If last received data report is not fully handled yet, a new incoming
data report will overwrite it. In such case we don't guaranteed to propagate
the correct incoming data.

The trivial fix implemented here forces a single report at a time by requesting
in cp2112_read() no more than 61 byte of data, which is the payload size of a
single data report.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Tested-by: Ellen Wang <ellen@cumulusnetworks.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 drivers/hid/hid-cp2112.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox

Patch

diff --git a/drivers/hid/hid-cp2112.c b/drivers/hid/hid-cp2112.c
index 3318de6..a2dbbbe 100644
--- a/drivers/hid/hid-cp2112.c
+++ b/drivers/hid/hid-cp2112.c
@@ -356,6 +356,8 @@  static int cp2112_read(struct cp2112_device *dev, u8 *data, size_t size)
 	struct cp2112_force_read_report report;
 	int ret;
 
+	if (size > sizeof(dev->read_data))
+		size = sizeof(dev->read_data);
 	report.report = CP2112_DATA_READ_FORCE_SEND;
 	report.length = cpu_to_be16(size);