Skip to content
Permalink
Browse files Browse the repository at this point in the history
pegasus: Use heap buffers for all register access
Allocating USB buffers on the stack is not portable, and no longer
works on x86_64 (with VMAP_STACK enabled as per default).

Fixes: 1da177e ("Linux-2.6.12-rc2")
References: https://bugs.debian.org/852556
Reported-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Tested-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
bwhacks authored and davem330 committed Feb 7, 2017
1 parent 432d4f8 commit 5593523
Showing 1 changed file with 25 additions and 4 deletions.
29 changes: 25 additions & 4 deletions drivers/net/usb/pegasus.c
Expand Up @@ -126,40 +126,61 @@ static void async_ctrl_callback(struct urb *urb)

static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
{
u8 *buf;
int ret;

buf = kmalloc(size, GFP_NOIO);
if (!buf)
return -ENOMEM;

ret = usb_control_msg(pegasus->usb, usb_rcvctrlpipe(pegasus->usb, 0),
PEGASUS_REQ_GET_REGS, PEGASUS_REQT_READ, 0,
indx, data, size, 1000);
indx, buf, size, 1000);
if (ret < 0)
netif_dbg(pegasus, drv, pegasus->net,
"%s returned %d\n", __func__, ret);
else if (ret <= size)
memcpy(data, buf, ret);
kfree(buf);
return ret;
}

static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size,
const void *data)
{
u8 *buf;
int ret;

buf = kmemdup(data, size, GFP_NOIO);
if (!buf)
return -ENOMEM;

ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
PEGASUS_REQ_SET_REGS, PEGASUS_REQT_WRITE, 0,
indx, data, size, 100);
indx, buf, size, 100);
if (ret < 0)
netif_dbg(pegasus, drv, pegasus->net,
"%s returned %d\n", __func__, ret);
kfree(buf);
return ret;
}

static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data)
{
u8 *buf;
int ret;

buf = kmemdup(&data, 1, GFP_NOIO);
if (!buf)
return -ENOMEM;

ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
PEGASUS_REQ_SET_REG, PEGASUS_REQT_WRITE, data,
indx, &data, 1, 1000);
indx, buf, 1, 1000);
if (ret < 0)
netif_dbg(pegasus, drv, pegasus->net,
"%s returned %d\n", __func__, ret);
kfree(buf);
return ret;
}

Expand Down

0 comments on commit 5593523

Please sign in to comment.