Patch fixes incorrect stack usage in pn533_send_ack(). Function currently sets stack as transfer_buffer (stack may not be dma-able, must not be used for URB buffers) and returns (stack buffer is still in use after function call). Patch is only compile tested. Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Jussi Kivilinna <jussi.kivilinna@xxxxxx> --- drivers/nfc/pn533.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c index daf92ac..2da0775 100644 --- a/drivers/nfc/pn533.c +++ b/drivers/nfc/pn533.c @@ -382,6 +382,8 @@ struct pn533 { u8 tgt_active_prot; u8 tgt_mode; + void *ack_buf; + struct pn533_frame_ops *ops; }; @@ -761,7 +763,13 @@ static int pn533_send_ack(struct pn533 *dev, gfp_t flags) nfc_dev_dbg(&dev->interface->dev, "%s", __func__); - dev->out_urb->transfer_buffer = ack; + if (!dev->ack_buf) { + dev->ack_buf = kmemdup(ack, sizeof(ack), flags); + if (!dev->ack_buf) + return -ENOMEM; + } + + dev->out_urb->transfer_buffer = dev->ack_buf; dev->out_urb->transfer_buffer_length = sizeof(ack); rc = usb_submit_urb(dev->out_urb, flags); @@ -2824,6 +2832,7 @@ error: usb_free_urb(dev->in_urb); usb_free_urb(dev->out_urb); usb_put_dev(dev->udev); + kfree(dev->ack_buf); kfree(dev); return rc; } @@ -2855,6 +2864,7 @@ static void pn533_disconnect(struct usb_interface *interface) usb_free_urb(dev->in_urb); usb_free_urb(dev->out_urb); + kfree(dev->ack_buf); kfree(dev); nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected"); -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
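Review bot: The lazy allocation in pn533_send_ack() tests and sets `dev->ack_buf` with no lock visible in the hunk, so if two callers can reach it concurrently both may see NULL and one kmemdup() result is leaked. It also adds an -ENOMEM failure path to a function whose `flags` argument may be GFP_ATOMIC. Allocating the buffer once where `dev` is set up (the probe path touched by a later hunk) would remove both concerns and leave this function with just `dev->out_urb->transfer_buffer = dev->ack_buf;`. If the lazy form stays, a comment on the new struct member such as `/* heap copy of the ACK frame: URB buffers must be DMA-able, so not on the stack */` would record why it exists. The function body starts and ends outside the hunk, so whether callers are serialized cannot be confirmed from here.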
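Review bot: In pn533_disconnect() the new `kfree(dev->ack_buf);` follows `usb_free_urb(dev->out_urb)`, which only drops a reference and does not by itself stop a submitted URB, so the buffer must not be freed while an ACK transfer could still be in flight. The function starts outside the hunk; if `out_urb` is not already cancelled earlier in it, add `usb_kill_urb(dev->out_urb);` before the free, otherwise the host controller could still access the freed buffer. The same kfree in the probe `error:` path (previous hunk) looks safe provided `dev` is zero-allocated so that `ack_buf` is NULL there, which is not visible in these lines.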