From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ben Hutchings <ben@decadent.org.uk>,
"David S. Miller" <davem@davemloft.net>,
Brad Spengler <spender@grsecurity.net>
Subject: [PATCH 4.4 37/45] rtl8150: Use heap buffers for all register access
Date: Wed, 19 Apr 2017 16:56:19 +0200 [thread overview]
Message-ID: <20170419141636.271571492@linuxfoundation.org> (raw)
In-Reply-To: <20170419141634.793081968@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@decadent.org.uk>
commit 7926aff5c57b577ab0f43364ff0c59d968f6a414 upstream.
Allocating USB buffers on the stack is not portable, and no longer
works on x86_64 (with VMAP_STACK enabled as per default).
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/rtl8150.c | 34 +++++++++++++++++++++++++++-------
1 file changed, 27 insertions(+), 7 deletions(-)
--- a/drivers/net/usb/rtl8150.c
+++ b/drivers/net/usb/rtl8150.c
@@ -155,16 +155,36 @@ static const char driver_name [] = "rtl8
*/
static int get_registers(rtl8150_t * dev, u16 indx, u16 size, void *data)
{
- return usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0),
- RTL8150_REQ_GET_REGS, RTL8150_REQT_READ,
- indx, 0, data, size, 500);
+ void *buf;
+ int ret;
+
+ buf = kmalloc(size, GFP_NOIO);
+ if (!buf)
+ return -ENOMEM;
+
+ ret = usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0),
+ RTL8150_REQ_GET_REGS, RTL8150_REQT_READ,
+ indx, 0, buf, size, 500);
+ if (ret > 0 && ret <= size)
+ memcpy(data, buf, ret);
+ kfree(buf);
+ return ret;
}
-static int set_registers(rtl8150_t * dev, u16 indx, u16 size, void *data)
+static int set_registers(rtl8150_t * dev, u16 indx, u16 size, const void *data)
{
- return usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0),
- RTL8150_REQ_SET_REGS, RTL8150_REQT_WRITE,
- indx, 0, data, size, 500);
+ void *buf;
+ int ret;
+
+ buf = kmemdup(data, size, GFP_NOIO);
+ if (!buf)
+ return -ENOMEM;
+
+ ret = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0),
+ RTL8150_REQ_SET_REGS, RTL8150_REQT_WRITE,
+ indx, 0, buf, size, 500);
+ kfree(buf);
+ return ret;
}
static void async_set_reg_cb(struct urb *urb)
next prev parent reply other threads:[~2017-04-19 14:58 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-19 14:55 [PATCH 4.4 00/45] 4.4.63-stable review Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 01/45] cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 02/45] thp: fix MADV_DONTNEED vs clear soft dirty race Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 03/45] drm/nouveau/mpeg: mthd returns true on success now Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 04/45] drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 05/45] CIFS: store results of cifs_reopen_file to avoid infinite wait Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 06/45] Input: xpad - add support for Razer Wildcat gamepad Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 07/45] perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 08/45] x86/vdso: Ensure vdso32_enabled gets set to valid values only Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 09/45] x86/vdso: Plug race between mapping and ELF header setup Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 10/45] acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison) Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 11/45] iscsi-target: Fix TMR reference leak during session shutdown Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 12/45] iscsi-target: Drop work-around for legacy GlobalSAN initiator Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 13/45] scsi: sr: Sanity check returned mode data Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 14/45] scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 15/45] scsi: sd: Fix capacity calculation with 32-bit sector_t Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 16/45] xen, fbfront: fix connecting to backend Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 17/45] libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 18/45] irqchip/irq-imx-gpcv2: Fix spinlock initialization Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 19/45] ftrace: Fix removing of second function probe Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 20/45] char: Drop bogus dependency of DEVPORT on !M68K Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 21/45] char: lack of bool string made CONFIG_DEVPORT always on Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 22/45] Revert "MIPS: Lantiq: Fix cascaded IRQ setup" Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 23/45] kvm: fix page struct leak in handle_vmon Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 24/45] zram: do not use copy_page with non-page aligned address Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 25/45] powerpc: Disable HFSCR[TM] if TM is not supported Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 26/45] crypto: ahash - Fix EINPROGRESS notification callback Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 27/45] ath9k: fix NULL pointer dereference Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 28/45] [media] dvb-usb-v2: avoid use-after-free Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 29/45] ext4: fix inode checksum calculation problem if i_extra_size is small Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 31/45] rtc: tegra: Implement clock handling Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 32/45] mm: Tighten x86 /dev/mem with zeroing reads Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 33/45] [media] dvb-usb: dont use stack for firmware load Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 35/45] virtio-console: avoid DMA from stack Greg Kroah-Hartman
2017-04-19 14:56 ` Greg Kroah-Hartman [this message]
2017-04-19 14:56 ` [PATCH 4.4 38/45] catc: Combine failure cleanup code in catc_probe() Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 39/45] catc: Use heap buffer for memory size test Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 40/45] ibmveth: calculate gso_segs for large packets Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 41/45] SUNRPC: fix refcounting problems with auth_gss messages Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 42/45] tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 44/45] sctp: deny peeloff operation on asocs with threads sleeping on it Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 45/45] MIPS: fix Select HAVE_IRQ_EXIT_ON_IRQ_STACK patch Greg Kroah-Hartman
2017-04-19 20:39 ` [PATCH 4.4 00/45] 4.4.63-stable review Shuah Khan
2017-04-19 23:21 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170419141636.271571492@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ben@decadent.org.uk \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=spender@grsecurity.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).