Patch "HID: battery: don't do DMA from stack" has been added to the 3.11-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    HID: battery: don't do DMA from stack

to the 3.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     hid-battery-don-t-do-dma-from-stack.patch
and it can be found in the queue-3.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 6c2794a2984f4c17a58117a68703cc7640f01c5a Mon Sep 17 00:00:00 2001
From: Jiri Kosina <jkosina@xxxxxxx>
Date: Mon, 2 Sep 2013 13:43:00 +0200
Subject: HID: battery: don't do DMA from stack

From: Jiri Kosina <jkosina@xxxxxxx>

commit 6c2794a2984f4c17a58117a68703cc7640f01c5a upstream.

Instead of using data from stack for DMA in hidinput_get_battery_property(),
allocate the buffer dynamically.

Reported-by: Richard Ryniker <ryniker@xxxxxxxxxxxx>
Reported-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/hid/hid-input.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -340,7 +340,7 @@ static int hidinput_get_battery_property
 {
 	struct hid_device *dev = container_of(psy, struct hid_device, battery);
 	int ret = 0;
-	__u8 buf[2] = {};
+	__u8 *buf;
 
 	switch (prop) {
 	case POWER_SUPPLY_PROP_PRESENT:
@@ -349,12 +349,19 @@ static int hidinput_get_battery_property
 		break;
 
 	case POWER_SUPPLY_PROP_CAPACITY:
+
+		buf = kmalloc(2 * sizeof(__u8), GFP_KERNEL);
+		if (!buf) {
+			ret = -ENOMEM;
+			break;
+		}
 		ret = dev->hid_get_raw_report(dev, dev->battery_report_id,
-					      buf, sizeof(buf),
+					      buf, 2,
 					      dev->battery_report_type);
 
 		if (ret != 2) {
 			ret = -ENODATA;
+			kfree(buf);
 			break;
 		}
 		ret = 0;
@@ -364,6 +371,7 @@ static int hidinput_get_battery_property
 		    buf[1] <= dev->battery_max)
 			val->intval = (100 * (buf[1] - dev->battery_min)) /
 				(dev->battery_max - dev->battery_min);
+		kfree(buf);
 		break;
 
 	case POWER_SUPPLY_PROP_MODEL_NAME:


Patches currently in stable-queue which might be from jkosina@xxxxxxx are

queue-3.11/hid-battery-don-t-do-dma-from-stack.patch
queue-3.11/hid-sensor-hub-validate-feature-report-details.patch
queue-3.11/hid-correct-the-usb-ids-for-the-new-macbook-air-6.patch
queue-3.11/hid-picolcd_core-validate-output-report-details.patch
queue-3.11/hid-uhid-add-devname-module-alias.patch
queue-3.11/hid-wiimote-work-around-broken-drm_kai-on-gen10.patch
queue-3.11/hid-validate-hid-report-id-size.patch
queue-3.11/hid-picolcd-prevent-null-pointer-dereference-on-_remove.patch
queue-3.11/hid-fix-speedlink-vad-cezanne-support-for-some-devices.patch
queue-3.11/hid-pantherlord-validate-output-report-details.patch
queue-3.11/hid-kye-add-report-fixup-for-genius-gx-imperator-keyboard.patch
queue-3.11/hid-usbhid-quirk-for-n-trig-duosense-touch-screen.patch
queue-3.11/hid-check-for-null-field-when-setting-values.patch
queue-3.11/hid-hidraw-correctly-deallocate-memory-on-device-disconnect.patch
queue-3.11/hid-ntrig-validate-feature-report-details.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]