Skip to content

Commit 5593523

Browse files
bwhacksdavem330
bwhacks
authored and
davem330
committed
pegasus: Use heap buffers for all register access
Allocating USB buffers on the stack is not portable, and no longer works on x86_64 (with VMAP_STACK enabled as per default). Fixes: 1da177e ("Linux-2.6.12-rc2") References: https://bugs.debian.org/852556 Reported-by: Lisandro Damián Nicanor Pérez Meyer <[email protected]> Tested-by: Lisandro Damián Nicanor Pérez Meyer <[email protected]> Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 432d4f8 commit 5593523

File tree

1 file changed

+25
-4
lines changed

1 file changed

+25
-4
lines changed

drivers/net/usb/pegasus.c

Lines changed: 25 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -126,40 +126,61 @@ static void async_ctrl_callback(struct urb *urb)
126126

127127
static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
128128
{
129+
u8 *buf;
129130
int ret;
130131

132+
buf = kmalloc(size, GFP_NOIO);
133+
if (!buf)
134+
return -ENOMEM;
135+
131136
ret = usb_control_msg(pegasus->usb, usb_rcvctrlpipe(pegasus->usb, 0),
132137
PEGASUS_REQ_GET_REGS, PEGASUS_REQT_READ, 0,
133-
indx, data, size, 1000);
138+
indx, buf, size, 1000);
134139
if (ret < 0)
135140
netif_dbg(pegasus, drv, pegasus->net,
136141
"%s returned %d\n", __func__, ret);
142+
else if (ret <= size)
143+
memcpy(data, buf, ret);
144+
kfree(buf);
137145
return ret;
138146
}
139147

140-
static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
148+
static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size,
149+
const void *data)
141150
{
151+
u8 *buf;
142152
int ret;
143153

154+
buf = kmemdup(data, size, GFP_NOIO);
155+
if (!buf)
156+
return -ENOMEM;
157+
144158
ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
145159
PEGASUS_REQ_SET_REGS, PEGASUS_REQT_WRITE, 0,
146-
indx, data, size, 100);
160+
indx, buf, size, 100);
147161
if (ret < 0)
148162
netif_dbg(pegasus, drv, pegasus->net,
149163
"%s returned %d\n", __func__, ret);
164+
kfree(buf);
150165
return ret;
151166
}
152167

153168
static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data)
154169
{
170+
u8 *buf;
155171
int ret;
156172

173+
buf = kmemdup(&data, 1, GFP_NOIO);
174+
if (!buf)
175+
return -ENOMEM;
176+
157177
ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
158178
PEGASUS_REQ_SET_REG, PEGASUS_REQT_WRITE, data,
159-
indx, &data, 1, 1000);
179+
indx, buf, 1, 1000);
160180
if (ret < 0)
161181
netif_dbg(pegasus, drv, pegasus->net,
162182
"%s returned %d\n", __func__, ret);
183+
kfree(buf);
163184
return ret;
164185
}
165186

0 commit comments

Comments
 (0)