The following patch
===== drivers/usb/hcd.c 1.10 vs edited =====
--- 1.10/drivers/usb/hcd.c Mon Mar 31 14:22:42 2003
+++ edited/drivers/usb/hcd.c Wed Dec 17 11:26:53 2003
@@ -323,7 +323,7 @@
struct usb_ctrlrequest *cmd = (struct usb_ctrlrequest *) urb->setup_packet;
u16 typeReq, wValue, wIndex, wLength;
const u8 *bufp = 0;
- u8 *ubuf = urb->transfer_buffer;
+ u8 *ubuf = (u8 *) urb->transfer_dma;
int len = 0;
typeReq = (cmd->bRequestType << 8) | cmd->bRequest;
seems to be needed to make the following code later in the function work
if (bufp) {
if (urb->transfer_buffer_length < len)
len = urb->transfer_buffer_length;
urb->actual_length = len;
// always USB_DIR_IN, toward host
memcpy (ubuf, bufp, len);
}
in the case where bounce buffers are being used to implement PCI DMA
operations. Without the patch, the subsequent pci_unmap_single copies
the contents of the bounce buffer over the top of urb->transfer_buffer,
destroying what the memcpy() put there.
My USB knowledge is pretty limited, so I've no idea whether this patch
adversely affects anything else in rh_call_control.
The patch is against 2.4.23-pre-something, but I see the code's the same
in 2.6.