[PATCH 3.18 46/68] staging: vt6655: fix overly large stack usage

From: Greg Kroah-Hartman
Date: Fri May 05 2017 - 14:47:50 EST

Next message: Linus Torvalds: "Re: [GIT PULL] Please pull powerpc/linux.git powerpc-4.12-1 tag"
Previous message: Greg Kroah-Hartman: "[PATCH 3.18 42/68] net: avoid signed overflows for SO_{SND|RCV}BUFFORCE"
In reply to: Greg Kroah-Hartman: "[PATCH 3.18 42/68] net: avoid signed overflows for SO_{SND|RCV}BUFFORCE"
Next in thread: Greg Kroah-Hartman: "[PATCH 3.18 41/68] l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Arnd Bergmann <arnd@xxxxxxxx>

We get a warning for the large stack usage in some configurations:

drivers/staging/vt6655/device_main.c: In function 'device_ioctl':
drivers/staging/vt6655/device_main.c:2974:1: warning: the frame size of 1304 bytes is larger than 1024 bytes [-Wframe-larger-than=]

This is addressed in linux-3.19 with commit 67013f2c0e58 ("staging: vt6655:
mac80211 conversion add main mac80211 functions"), which obsoletes the
device_ioctl() function, but as that does not apply to stable kernels,
this picks an easier way out by using dynamic allocation.

The driver was merged in 2.6.31, and the fix applies to all versions
before 3.19.

Fixes: 5449c685a4b3 ("Staging: Add pristine upstream vt6655 driver sources")
Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/staging/vt6655/device_main.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -2818,11 +2818,13 @@ static int device_ioctl(struct net_devi
pr_debug(" SIOCSIWSENS\n");
rc = -EOPNOTSUPP;
break;
-
case SIOCGIWAPLIST: {
- char buffer[IW_MAX_AP * (sizeof(struct sockaddr) + sizeof(struct iw_quality))];
+ char *buffer = kzalloc(IW_MAX_AP * (sizeof(struct sockaddr) +
+ sizeof(struct iw_quality)), GFP_KERNEL);

- if (wrq->u.data.pointer) {
+ if (!buffer) {
+ rc = -ENOMEM;
+ } else if (wrq->u.data.pointer) {
rc = iwctl_giwaplist(dev, NULL, &(wrq->u.data), buffer);
if (rc == 0) {
if (copy_to_user(wrq->u.data.pointer,
@@ -2832,6 +2834,7 @@ static int device_ioctl(struct net_devi
rc = -EFAULT;
}
}
+ kfree(buffer);
}
break;

@@ -2878,7 +2881,6 @@ static int device_ioctl(struct net_devi
pr_debug(" SIOCGIWGENIE\n");
rc = iwctl_giwgenie(dev, NULL, &(wrq->u.data), wrq->u.data.pointer);
break;
-
case SIOCSIWENCODEEXT: {
char extra[sizeof(struct iw_encode_ext)+MAX_KEY_LEN+1];

Next message: Linus Torvalds: "Re: [GIT PULL] Please pull powerpc/linux.git powerpc-4.12-1 tag"
Previous message: Greg Kroah-Hartman: "[PATCH 3.18 42/68] net: avoid signed overflows for SO_{SND|RCV}BUFFORCE"
In reply to: Greg Kroah-Hartman: "[PATCH 3.18 42/68] net: avoid signed overflows for SO_{SND|RCV}BUFFORCE"
Next in thread: Greg Kroah-Hartman: "[PATCH 3.18 41/68] l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]