This is a note to let you know that I've just added the patch titled HID: battery: don't do DMA from stack to the 3.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: hid-battery-don-t-do-dma-from-stack.patch and it can be found in the queue-3.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 6c2794a2984f4c17a58117a68703cc7640f01c5a Mon Sep 17 00:00:00 2001 From: Jiri Kosina <jkosina@xxxxxxx> Date: Mon, 2 Sep 2013 13:43:00 +0200 Subject: HID: battery: don't do DMA from stack From: Jiri Kosina <jkosina@xxxxxxx> commit 6c2794a2984f4c17a58117a68703cc7640f01c5a upstream. Instead of using data from stack for DMA in hidinput_get_battery_property(), allocate the buffer dynamically. Reported-by: Richard Ryniker <ryniker@xxxxxxxxxxxx> Reported-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Jiri Kosina <jkosina@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/hid/hid-input.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/drivers/hid/hid-input.c +++ b/drivers/hid/hid-input.c @@ -340,7 +340,7 @@ static int hidinput_get_battery_property { struct hid_device *dev = container_of(psy, struct hid_device, battery); int ret = 0; - __u8 buf[2] = {}; + __u8 *buf; switch (prop) { case POWER_SUPPLY_PROP_PRESENT: @@ -349,13 +349,20 @@ static int hidinput_get_battery_property break; case POWER_SUPPLY_PROP_CAPACITY: + + buf = kmalloc(2 * sizeof(__u8), GFP_KERNEL); + if (!buf) { + ret = -ENOMEM; + break; + } ret = dev->hid_get_raw_report(dev, dev->battery_report_id, - buf, sizeof(buf), + buf, 2, dev->battery_report_type); if (ret != 2) { if (ret >= 0) ret = -EINVAL; + kfree(buf); break; } @@ -364,6 +371,7 @@ static int hidinput_get_battery_property buf[1] <= dev->battery_max) val->intval = (100 * (buf[1] - dev->battery_min)) / (dev->battery_max - dev->battery_min); + kfree(buf); break; case POWER_SUPPLY_PROP_MODEL_NAME: Patches currently in stable-queue which might be from jkosina@xxxxxxx are queue-3.10/hid-battery-don-t-do-dma-from-stack.patch queue-3.10/hid-sensor-hub-validate-feature-report-details.patch queue-3.10/hid-correct-the-usb-ids-for-the-new-macbook-air-6.patch queue-3.10/hid-picolcd_core-validate-output-report-details.patch queue-3.10/hid-uhid-add-devname-module-alias.patch queue-3.10/hid-validate-hid-report-id-size.patch queue-3.10/hid-picolcd-prevent-null-pointer-dereference-on-_remove.patch queue-3.10/hid-fix-speedlink-vad-cezanne-support-for-some-devices.patch queue-3.10/hid-pantherlord-validate-output-report-details.patch queue-3.10/hid-usbhid-quirk-for-n-trig-duosense-touch-screen.patch queue-3.10/hid-check-for-null-field-when-setting-values.patch queue-3.10/hid-hidraw-correctly-deallocate-memory-on-device-disconnect.patch queue-3.10/hid-ntrig-validate-feature-report-details.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html