From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Johan Hovold <johan@kernel.org>,
Jiri Kosina <jkosina@suse.cz>
Subject: [PATCH 4.4 17/42] HID: corsair: fix DMA buffers on stack
Date: Tue, 24 Jan 2017 08:55:27 +0100 [thread overview]
Message-ID: <20170124075510.039781056@linuxfoundation.org> (raw)
In-Reply-To: <20170124075509.299412838@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan@kernel.org>
commit 6d104af38b570d37aa32a5803b04c354f8ed513d upstream.
Not all platforms support DMA to the stack, and specifically since v4.9
this is no longer supported on x86 with VMAP_STACK either.
Note that the macro-mode buffer was larger than necessary.
Fixes: 6f78193ee9ea ("HID: corsair: Add Corsair Vengeance K90 driver")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-corsair.c | 54 +++++++++++++++++++++++++++++++++++-----------
1 file changed, 42 insertions(+), 12 deletions(-)
--- a/drivers/hid/hid-corsair.c
+++ b/drivers/hid/hid-corsair.c
@@ -148,7 +148,11 @@ static enum led_brightness k90_backlight
struct usb_interface *usbif = to_usb_interface(dev->parent);
struct usb_device *usbdev = interface_to_usbdev(usbif);
int brightness;
- char data[8];
+ char *data;
+
+ data = kmalloc(8, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
K90_REQUEST_STATUS,
@@ -158,16 +162,22 @@ static enum led_brightness k90_backlight
if (ret < 0) {
dev_warn(dev, "Failed to get K90 initial state (error %d).\n",
ret);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
brightness = data[4];
if (brightness < 0 || brightness > 3) {
dev_warn(dev,
"Read invalid backlight brightness: %02hhx.\n",
data[4]);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
- return brightness;
+ ret = brightness;
+out:
+ kfree(data);
+
+ return ret;
}
static enum led_brightness k90_record_led_get(struct led_classdev *led_cdev)
@@ -253,7 +263,11 @@ static ssize_t k90_show_macro_mode(struc
struct usb_interface *usbif = to_usb_interface(dev->parent);
struct usb_device *usbdev = interface_to_usbdev(usbif);
const char *macro_mode;
- char data[8];
+ char *data;
+
+ data = kmalloc(2, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
K90_REQUEST_GET_MODE,
@@ -263,7 +277,8 @@ static ssize_t k90_show_macro_mode(struc
if (ret < 0) {
dev_warn(dev, "Failed to get K90 initial mode (error %d).\n",
ret);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
switch (data[0]) {
@@ -277,10 +292,15 @@ static ssize_t k90_show_macro_mode(struc
default:
dev_warn(dev, "K90 in unknown mode: %02hhx.\n",
data[0]);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
- return snprintf(buf, PAGE_SIZE, "%s\n", macro_mode);
+ ret = snprintf(buf, PAGE_SIZE, "%s\n", macro_mode);
+out:
+ kfree(data);
+
+ return ret;
}
static ssize_t k90_store_macro_mode(struct device *dev,
@@ -320,7 +340,11 @@ static ssize_t k90_show_current_profile(
struct usb_interface *usbif = to_usb_interface(dev->parent);
struct usb_device *usbdev = interface_to_usbdev(usbif);
int current_profile;
- char data[8];
+ char *data;
+
+ data = kmalloc(8, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
K90_REQUEST_STATUS,
@@ -330,16 +354,22 @@ static ssize_t k90_show_current_profile(
if (ret < 0) {
dev_warn(dev, "Failed to get K90 initial state (error %d).\n",
ret);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
current_profile = data[7];
if (current_profile < 1 || current_profile > 3) {
dev_warn(dev, "Read invalid current profile: %02hhx.\n",
data[7]);
- return -EIO;
+ ret = -EIO;
+ goto out;
}
- return snprintf(buf, PAGE_SIZE, "%d\n", current_profile);
+ ret = snprintf(buf, PAGE_SIZE, "%d\n", current_profile);
+out:
+ kfree(data);
+
+ return ret;
}
static ssize_t k90_store_current_profile(struct device *dev,
next prev parent reply other threads:[~2017-01-24 7:56 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20170124075830epcas1p296b07d21649bc2441732496425ef6977@epcas1p2.samsung.com>
2017-01-24 7:55 ` [PATCH 4.4 00/42] 4.4.45-stable review Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 01/42] ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 02/42] IB/mlx5: Wait for all async command completions to complete Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 03/42] IB/mlx4: Set traffic class in AH Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 04/42] IB/mlx4: Fix out-of-range array index in destroy qp flow Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 05/42] IB/mlx4: Fix port query for 56Gb Ethernet links Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 06/42] IB/mlx4: When no DMFS for IPoIB, dont allow NET_IF QPs Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 07/42] IB/IPoIB: Remove cant use GFP_NOIO warning Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 08/42] perf scripting: Avoid leaking the scripting_context variable Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 09/42] ARM: dts: imx31: fix clock control module interrupts description Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 11/42] ARM: dts: imx31: fix AVIC base address Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 12/42] tmpfs: clear S_ISGID when setting posix ACLs Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 13/42] x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 14/42] svcrpc: dont leak contexts on PROC_DESTROY Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 15/42] fuse: clear FR_PENDING flag when moving requests out of pending queue Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 16/42] PCI: Enumerate switches below PCI-to-PCIe bridges Greg Kroah-Hartman
2017-01-24 7:55 ` Greg Kroah-Hartman [this message]
2017-01-24 7:55 ` [PATCH 4.4 18/42] HID: corsair: fix control-transfer error handling Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 19/42] mmc: mxs-mmc: Fix additional cycles after transmission stop Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 20/42] ieee802154: atusb: do not use the stack for buffers to make them DMA able Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 21/42] mtd: nand: xway: disable module support Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 22/42] x86/ioapic: Restore IO-APIC irq_chip retrigger callback Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 23/42] qla2xxx: Fix crash due to null pointer access Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 24/42] ubifs: Fix journal replay wrt. xattr nodes Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 25/42] clocksource/exynos_mct: Clear interrupt when cpu is shut down Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 26/42] svcrdma: avoid duplicate dma unmapping during error recovery Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 27/42] ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 28/42] ceph: fix bad endianness handling in parse_reply_info_extra Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 29/42] ARM: dts: da850-evm: fix read access to SPI flash Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 30/42] arm64/ptrace: Preserve previous registers for short regset write Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 31/42] arm64/ptrace: Preserve previous registers for short regset write - 2 Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 32/42] arm64/ptrace: Preserve previous registers for short regset write - 3 Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 33/42] arm64/ptrace: Avoid uninitialised struct padding in fpr_set() Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 34/42] arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 35/42] ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 36/42] ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 37/42] ARM: 8613/1: Fix the uaccess crash on PB11MPCore Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 38/42] [media] blackfin: check devm_pinctrl_get() for errors Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 39/42] [media] ite-cir: initialize use_demodulator before using it Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 40/42] dmaengine: pl330: Fix runtime PM support for terminated transfers Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 41/42] selftest/powerpc: Wrong PMC initialized in pmc56_overflow test Greg Kroah-Hartman
2017-01-24 7:55 ` [PATCH 4.4 42/42] arm64: avoid returning from bad_mode Greg Kroah-Hartman
2017-01-24 18:26 ` [PATCH 4.4 00/42] 4.4.45-stable review Shuah Khan
2017-01-24 19:08 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170124075510.039781056@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jkosina@suse.cz \
--cc=johan@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).