staging: vt6656: use off stack for out buffer USB transfers.
authorMalcolm Priestley <tvboxspy@gmail.com>
Sat, 22 Apr 2017 10:14:57 +0000 (11:14 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 28 Apr 2017 10:02:05 +0000 (12:02 +0200)
Since 4.9 mandated USB buffers be heap allocated this causes the driver
to fail.

Since there is a wide range of buffer sizes use kmemdup to create
allocated buffer.

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Cc: <stable@vger.kernel.org> # v4.9+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/vt6656/usbpipe.c

index 9ad8503d2589d68f2e5afb817f9f814033a7b0ba..ea5a7c65ad1bafa7f95c7713cc86f067280f6a05 100644 (file)
@@ -47,15 +47,25 @@ int vnt_control_out(struct vnt_private *priv, u8 request, u16 value,
                     u16 index, u16 length, u8 *buffer)
 {
        int status = 0;
+       u8 *usb_buffer;
 
        if (test_bit(DEVICE_FLAGS_DISCONNECTED, &priv->flags))
                return STATUS_FAILURE;
 
        mutex_lock(&priv->usb_lock);
 
+       usb_buffer = kmemdup(buffer, length, GFP_KERNEL);
+       if (!usb_buffer) {
+               mutex_unlock(&priv->usb_lock);
+               return -ENOMEM;
+       }
+
        status = usb_control_msg(priv->usb,
-               usb_sndctrlpipe(priv->usb, 0), request, 0x40, value,
-                       index, buffer, length, USB_CTL_WAIT);
+                                usb_sndctrlpipe(priv->usb, 0),
+                                request, 0x40, value,
+                                index, usb_buffer, length, USB_CTL_WAIT);
+
+       kfree(usb_buffer);
 
        mutex_unlock(&priv->usb_lock);