This is a note to let you know that I've just added the patch titled pegasus: Use heap buffers for all register access to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: pegasus-use-heap-buffers-for-all-register-access.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 5593523f968bc86d42a035c6df47d5e0979b5ace Mon Sep 17 00:00:00 2001 From: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Date: Sat, 4 Feb 2017 16:56:03 +0000 Subject: pegasus: Use heap buffers for all register access MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Ben Hutchings <ben@xxxxxxxxxxxxxxx> commit 5593523f968bc86d42a035c6df47d5e0979b5ace upstream. Allocating USB buffers on the stack is not portable, and no longer works on x86_64 (with VMAP_STACK enabled as per default). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") References: https://bugs.debian.org/852556 Reported-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@xxxxxxxxxx> Tested-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@xxxxxxxxxx> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Cc: Brad Spengler <spender@xxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/net/usb/pegasus.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
--- a/drivers/net/usb/pegasus.c
+++ b/drivers/net/usb/pegasus.c
@@ -126,40 +126,61 @@ static void async_ctrl_callback(struct u
 static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
 {
+ u8 *buf;
 int ret;
+ buf = kmalloc(size, GFP_NOIO);
+ if (!buf)
+ return -ENOMEM;
+
 ret = usb_control_msg(pegasus->usb, usb_rcvctrlpipe(pegasus->usb, 0), PEGASUS_REQ_GET_REGS, PEGASUS_REQT_READ, 0,
- indx, data, size, 1000);
+ indx, buf, size, 1000);
 if (ret < 0)
 netif_dbg(pegasus, drv, pegasus->net, "%s returned %d\n", __func__, ret);
+ else if (ret <= size)
+ memcpy(data, buf, ret);
+ kfree(buf);
 return ret;
 }
-static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
+static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size,
+ const void *data)
 {
+ u8 *buf;
 int ret;
+ buf = kmemdup(data, size, GFP_NOIO);
+ if (!buf)
+ return -ENOMEM;
+
 ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0), PEGASUS_REQ_SET_REGS, PEGASUS_REQT_WRITE, 0,
- indx, data, size, 100);
+ indx, buf, size, 100);
 if (ret < 0)
 netif_dbg(pegasus, drv, pegasus->net, "%s returned %d\n", __func__, ret);
+ kfree(buf);
 return ret;
 }
 static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data)
 {
+ u8 *buf;
 int ret;
+ buf = kmemdup(&data, 1, GFP_NOIO);
+ if (!buf)
+ return -ENOMEM;
+
 ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0), PEGASUS_REQ_SET_REG, PEGASUS_REQT_WRITE, data,
- indx, &data, 1, 1000);
+ indx, buf, 1, 1000);
 if (ret < 0)
 netif_dbg(pegasus, drv, pegasus->net, "%s returned %d\n", __func__, ret);
+ kfree(buf);
 return ret;
 }
Patches currently in stable-queue which might be from ben@xxxxxxxxxxxxxxx are queue-4.4/dvb-usb-firmware-don-t-do-dma-on-stack.patch queue-4.4/dvb-usb-don-t-use-stack-for-firmware-load.patch queue-4.4/catc-combine-failure-cleanup-code-in-catc_probe.patch queue-4.4/acpi-nfit-libnvdimm-fix-interleave-set-cookie-calculation-64-bit-comparison.patch queue-4.4/virtio-console-avoid-dma-from-stack.patch queue-4.4/rtc-tegra-implement-clock-handling.patch
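Review bot: In get_registers(), a short transfer (0 <= ret < size) copies only `ret` bytes into `data` and still returns a non-negative value, so the tail of the caller's buffer keeps whatever it held before. Callers are outside this hunk; any of them that only tests `ret < 0` would then treat stale or uninitialised bytes as register contents read from the device. The `ret <= size` branch also skips the copy without reporting anything if the count ever exceeded `size`. Consider making a length mismatch an explicit failure, e.g. `else if (ret != size) ret = -EIO;` followed by `else memcpy(data, buf, size);`, after confirming that no caller relies on the returned byte count.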
queue-4.4/dvb-usb-v2-avoid-use-after-free.patch queue-4.4/platform-x86-acer-wmi-setup-accelerometer-when-machine-has-appropriate-notify-event.patch queue-4.4/catc-use-heap-buffer-for-memory-size-test.patch queue-4.4/pegasus-use-heap-buffers-for-all-register-access.patch queue-4.4/kvm-fix-page-struct-leak-in-handle_vmon.patch queue-4.4/rtl8150-use-heap-buffers-for-all-register-access.patch