[Resubmit] [PATCH] usb/mcs7830: Don't use buffers from stack for USB transfers

From: Christian Eggers
Date: Wed Jan 21 2009 - 06:48:51 EST


From: Christian Eggers <christian.eggers@xxxxxxxxxxx>

mcs7830_set_reg() and mcs7830_get_reg() are called with buffers
from stack which must not be used directly for USB transfers.
This causes corruption of the stack particularly on non-x86
architectures because DMA may be used for these transfers.

Signed-off-by: Christian Eggers <christian.eggers@xxxxxxxxxxx>
---

This mail was sent by KMail. I hope tabs/spaces are ok now.

diff -uprN linux-2.6.28.1.orig/drivers/net/usb/mcs7830.c linux-2.6.28.1/drivers/net/usb/mcs7830.c
--- linux-2.6.28.1.orig/drivers/net/usb/mcs7830.c 2009-01-18 19:45:37.000000000 +0100
+++ linux-2.6.28.1/drivers/net/usb/mcs7830.c 2009-01-20 20:53:59.000000000 +0100
@@ -94,10 +94,18 @@ static int mcs7830_get_reg(struct usbnet
{
struct usb_device *xdev = dev->udev;
int ret;
+ void *buffer;
+
+ buffer = kmalloc(size, GFP_NOIO);
+ if (buffer == NULL)
+ return -ENOMEM;

ret = usb_control_msg(xdev, usb_rcvctrlpipe(xdev, 0), MCS7830_RD_BREQ,
- MCS7830_RD_BMREQ, 0x0000, index, data,
+ MCS7830_RD_BMREQ, 0x0000, index, buffer,
size, MCS7830_CTRL_TIMEOUT);
+ memcpy(data, buffer, size);
+ kfree(buffer);
+
return ret;
}

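Review bot: In mcs7830_get_reg(), the memcpy(data, buffer, size) after usb_control_msg() runs unconditionally, so when the transfer fails (ret < 0) or returns fewer than size bytes, uninitialized kmalloc memory is copied into the caller's buffer. Copy only on success, for example by guarding the memcpy with a check on ret, or allocate the bounce buffer with kzalloc so a failed read cannot hand stale heap contents back to the caller.
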
@@ -105,10 +113,18 @@ static int mcs7830_set_reg(struct usbnet
{
struct usb_device *xdev = dev->udev;
int ret;
+ void *buffer;
+
+ buffer = kmalloc(size, GFP_NOIO);
+ if (buffer == NULL)
+ return -ENOMEM;
+
+ memcpy(buffer, data, size);

ret = usb_control_msg(xdev, usb_sndctrlpipe(xdev, 0), MCS7830_WR_BREQ,
- MCS7830_WR_BMREQ, 0x0000, index, data,
+ MCS7830_WR_BMREQ, 0x0000, index, buffer,
size, MCS7830_CTRL_TIMEOUT);
+ kfree(buffer);
return ret;
}

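Review bot: In mcs7830_set_reg(), the kmalloc(size, GFP_NOIO) followed by memcpy(buffer, data, size) can be written as a single kmemdup(data, size, GFP_NOIO), which keeps the NULL check and removes one step. As a style point, kfree(buffer) here is followed directly by return ret, while the get_reg hunk leaves a blank line before the return; keeping the two functions consistent would help.
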