From: Oliver Neukum <oneukum@xxxxxxxx> [ Upstream commit ca9dc8d06ab64543a6a31adac5003349c5671218 ] If we want to avoid memory corruption on incoherent architectures, buffers for DMA must not reside - on the stack - embedded within other structures Allocate them separately. v2: fix uninitialized return value Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx> Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx> Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- drivers/media/usb/airspy/airspy.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/airspy/airspy.c b/drivers/media/usb/airspy/airspy.c index 8251942bcd12..1c549ad60195 100644 --- a/drivers/media/usb/airspy/airspy.c +++ b/drivers/media/usb/airspy/airspy.c @@ -134,7 +134,7 @@ struct airspy { /* USB control message buffer */ #define BUF_SIZE 128 - u8 buf[BUF_SIZE]; + u8 *buf; /* Current configuration */ unsigned int f_adc; @@ -872,6 +872,7 @@ static void airspy_video_release(struct v4l2_device *v) v4l2_ctrl_handler_free(&s->hdl); v4l2_device_unregister(&s->v4l2_dev); + kfree(s->buf); kfree(s); } @@ -979,7 +980,10 @@ static int airspy_probe(struct usb_interface *intf, { struct airspy *s; int ret; - u8 u8tmp, buf[BUF_SIZE]; + u8 u8tmp, *buf; + + buf = NULL; + ret = -ENOMEM; s = kzalloc(sizeof(struct airspy), GFP_KERNEL); if (s == NULL) { @@ -987,6 +991,13 @@ static int airspy_probe(struct usb_interface *intf, return -ENOMEM; } + s->buf = kzalloc(BUF_SIZE, GFP_KERNEL); + if (!s->buf) + goto err_free_mem; + buf = kzalloc(BUF_SIZE, GFP_KERNEL); + if (!buf) + goto err_free_mem; + mutex_init(&s->v4l2_lock); mutex_init(&s->vb_queue_lock); spin_lock_init(&s->queued_bufs_lock); @@ -1082,6 +1093,8 @@ static int airspy_probe(struct usb_interface *intf, v4l2_ctrl_handler_free(&s->hdl); v4l2_device_unregister(&s->v4l2_dev); err_free_mem: + kfree(buf); + kfree(s->buf); kfree(s); return ret; } -- 2.35.1